

Windows Analysis Report Mes_Drivers_3.0.4.exe

Overview

General Information

Sample Name: Mes_Drivers_3.0.4.exe
Analysis ID: 445340
MD5: 50a5e891da27e63d54e68511e48aa026
SHA1: 87073d85a7ba420b15c8bb9a9e4adc64db2bcfef
SHA256: 0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
AV process strings found (often used to terminate AV products)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file contains strange resources
Queries device information via Setup API
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected AESCRYPT Tool
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Mes_Drivers_3.0.4.exe (PID: 400 cmdline: 'C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe' MD5: 50A5E891DA27E63D54E68511E48AA026)
    • cmd.exe (PID: 1500 cmdline: 'C:\Windows\system32\cmd.exe' /C START '' 'C:\Users\user\AppData\Local\Temp\interface.lnk' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5064 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\interface.cmd' ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mode.com (PID: 5624 cmdline: MODE CON: COLS=76 LINES=15 MD5: D781CD6A6484C276A4D0750D9206A382)
        • cmd.exe (PID: 2588 cmdline: C:\Windows\system32\cmd.exe /S /D /c' VER ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • findstr.exe (PID: 6040 cmdline: FINDSTR /I /R /C:'version 5\.[0-1]\.' MD5: 8B534A7FC0630DE41BB1F98C882C19EC)
        • waitfor.exe (PID: 2172 cmdline: WAITFOR unlock MD5: 83E921720CA3BD03CF6BF5686E802C3D)
    • detection.exe (PID: 5556 cmdline: 'C:\Users\user\AppData\Local\Temp\detection.exe' MD5: 02BA1C44B6392F013A7AA0B91314F45A)
      • conhost.exe (PID: 5976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • curl_x64.exe (PID: 5968 cmdline: 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request GET 'https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4' MD5: E80C8CB9887A7C9426D4E843DDDB8A44)
      • waitfor.exe (PID: 1012 cmdline: WAITFOR /S DESKTOP-716T771 /SI unlock MD5: 83E921720CA3BD03CF6BF5686E802C3D)
      • sc.exe (PID: 5852 cmdline: SC query Winmgmt MD5: 24A3E2603E63BCB9695A2935D3B24695)
      • waitfor.exe (PID: 2904 cmdline: WAITFOR /S DESKTOP-716T771 /SI unlock MD5: 83E921720CA3BD03CF6BF5686E802C3D)
      • detect_x64.exe (PID: 360 cmdline: 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\* MD5: 6A7EC375AF8BA2E87FF7F23497E9944E)
      • detect_x64.exe (PID: 5504 cmdline: 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\* MD5: 6A7EC375AF8BA2E87FF7F23497E9944E)
      • detect_x64.exe (PID: 1012 cmdline: 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\* MD5: 6A7EC375AF8BA2E87FF7F23497E9944E)
      • detect_x64.exe (PID: 1692 cmdline: 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\* MD5: 6A7EC375AF8BA2E87FF7F23497E9944E)
      • detect_x64.exe (PID: 1704 cmdline: 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\* MD5: 6A7EC375AF8BA2E87FF7F23497E9944E)
      • waitfor.exe (PID: 6812 cmdline: WAITFOR /S DESKTOP-716T771 /SI unlock MD5: 83E921720CA3BD03CF6BF5686E802C3D)
      • aes_x64.exe (PID: 7004 cmdline: 'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' - MD5: E5125D4651C008EBA61D9FD3ABD5AB31)
      • curl_x64.exe (PID: 7020 cmdline: 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4' MD5: E80C8CB9887A7C9426D4E843DDDB8A44)
      • cmd.exe (PID: 7064 cmdline: 'C:\Windows\system32\cmd.exe' /C START '' 'http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • iexplore.exe (PID: 7120 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
          • iexplore.exe (PID: 3000 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7120 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • waitfor.exe (PID: 7072 cmdline: WAITFOR /S DESKTOP-716T771 /SI unlock MD5: 83E921720CA3BD03CF6BF5686E802C3D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
Mes_Drivers_3.0.4.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\aes_x64.exe | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
C:\Users\user\AppData\Local\Temp\aes_x86.exe | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000000.218185318.0000000000401000.00000020.00020000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmp | webshell_asp_generic | Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file | Arnim Rupp | matched strings listed below
  • 0x3cce:$asp_gen_obf1: "+"
  • 0x3da4:$asp_gen_obf1: "+"
  • 0x3f20:$asp_gen_obf1: "+"
  • 0x148e2:$tagasp_classid1: 72C24DD5-D70A-438B-8A42-98424B88AFB8
  • 0xa040:$asp_input1: request
  • 0xf2be:$asp_input1: request
  • 0x9ccc:$asp_xml_method1: GET
  • 0xa050:$asp_xml_method1: GET
  • 0xee06:$asp_xml_method2: POST
  • 0xf2ce:$asp_xml_method2: POST
  • 0x13d4:$asp_payload11: WScript.Shell
  • 0x1340:$asp_multi_payload_one1: CreateObject
  • 0x13b8:$asp_multi_payload_one1: CreateObject
  • 0x1340:$asp_multi_payload_four1: CreateObject
  • 0x13b8:$asp_multi_payload_four1: CreateObject
  • 0xeb56:$asp_always_write1: .Write
  • 0xaa80:$asp_write_way_one3: CreateTextFile
  • 0x1340:$asp_cr_write1: CreateObject(
  • 0x13b8:$asp_cr_write1: CreateObject(
  • 0x148e2:$tagasp_capa_classid1: 72C24DD5-D70A-438B-8A42-98424B88AFB8
00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
4.3.detection.exe.7fa95e2c.0.unpack | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
36.0.aes_x64.exe.7ff697680000.0.unpack | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
4.3.detection.exe.2506990.6.raw.unpack | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
4.3.detection.exe.2506990.6.unpack | JoeSecurity_AESCRYPTTool | Yara detected AESCRYPT Tool | Joe Security
4.2.detection.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Antivirus detection for URL or domain
Source: http://www.nationsbank.com/ | Avira URL Cloud: Label: phishing
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\aes_x86.exe | Metadefender: Detection: 20%
Source: C:\Users\user\AppData\Local\Temp\aes_x86.exe | ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\detection.exe | ReversingLabs: Detection: 27%
Multi AV Scanner detection for submitted file
Source: Mes_Drivers_3.0.4.exe | Virustotal: Detection: 11%
Source: Mes_Drivers_3.0.4.exe | Metadefender: Detection: 13%
Source: Mes_Drivers_3.0.4.exe | ReversingLabs: Detection: 16%
Source: 4.2.detection.exe.400000.0.unpack | Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00456370 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 11_2_00456370
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00431450 CryptHashData, 11_2_00431450
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00431460 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 11_2_00431460
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00431400 CryptAcquireContextA,CryptCreateHash, 11_2_00431400
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00456660 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 11_2_00456660
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_0042FAF0 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 11_2_0042FAF0
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF697683750 CryptAcquireContextW,GetLastError,GetLastError,CryptAcquireContextW,GetLastError,CryptGenRandom,CryptReleaseContext,sprintf,CryptGenRandom,CryptReleaseContext,_fread_nolock,_fread_nolock,fflush, 36_2_00007FF697683750
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: mov dword ptr [rsi+0000490Dh], 424D53FFh 11_2_00435030
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: mov dword ptr [rdi+0000490Dh], 424D53FFh 11_2_00435730
Source: Mes_Drivers_3.0.4.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: Mes_Drivers_3.0.4.exe | Static PE information: certificate valid
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 46.105.202.207:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 46.105.202.207:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.7.39:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.7.39:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.180.226:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.180.226:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.227.209.167:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.227.209.167:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.214.194:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.214.194:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: Binary string: devcon.pdbGCTL source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, detect_x64.exe, 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: waitfor.pdb source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: devcon.pdbH source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: devcon.pdb8d:j source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\x64\Release\aescrypt.pdb source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: waitfor.pdbP' source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0044C2B0 GetLongPathNameW,FindFirstFileW,FindClose, 1_2_0044C2B0
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004093DC FindFirstFileW,FindClose, 1_2_004093DC
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004197A4 FindFirstFileW,FindClose, 1_2_004197A4
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00408E18 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW, 1_2_00408E18
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_00409CCC FindFirstFileW,FindClose, 4_2_00409CCC
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_0040B11E FindFirstFileW, 4_2_0040B11E
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_00409708 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW, 4_2_00409708
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_004624F0 FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose, 11_2_004624F0
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A7456560 GetWindowsDirectoryW,FindFirstFileW,FindNextFileW,FindClose, 17_2_00007FF7A7456560
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF69768AA44 FindClose,FindFirstFileExW,FindNextFileW,FindClose, 36_2_00007FF69768AA44
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_00425170
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, byte ptr [rsp+rcx+20h] 11_2_00463850
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, word ptr [rcx] 11_2_0045F000
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, byte ptr [rcx] 11_2_00432080
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [00000000004C76A8h] 11_2_0040A100
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov r9, qword ptr [rdi] 11_2_00416370
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_004254E8
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_00425562
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_00425504
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, byte ptr [r11] 11_2_0045F510
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_00425520
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_0042553C
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_004255D8
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov r8, qword ptr [rsi] 11_2_004055F0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movsxd rax, rcx 11_2_0046C5F0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rax, qword ptr [r8-08h] 11_2_004255A7
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov eax, ecx 11_2_004705B0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movsx eax, byte ptr [rbx] 11_2_0041364E
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, byte ptr [rdx] 11_2_00453630
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea rbx, qword ptr [rsp+40h] 11_2_00466720
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx r9d, byte ptr [rbx] 11_2_0045285E
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx ecx, byte ptr [r11] 11_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then cmp dword ptr [r12+28h], 01h 11_2_004628B0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov r9, qword ptr [rbx] 11_2_004479A0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx ebx, byte ptr [rsi+rbp] 11_2_00411CC0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx ecx, byte ptr [rdx] 11_2_00461CA0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then test eax, eax 11_2_00436DC0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423DD0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx eax, byte ptr [r8+rdx] 11_2_0046DE60
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423E6C
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movsx eax, byte ptr [rdi] 11_2_00413E00
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea rcx, qword ptr [00000000004B25F8h] 11_2_00446E10
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then cmp dword ptr [r15+rbp*4+000008A8h], 00000000h 11_2_0044CE20
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423ED5
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423EF8
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423EB2
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then mov rdx, rax 11_2_0043CF40
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423F7B
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then lea ecx, dword ptr [r15+10h] 11_2_00423F3C
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 4x nop then movzx r8d, al 11_2_00461FA0
Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00427A30 recv, 11_2_00427A30
Source: global traffic | HTTP traffic detected: GET /index.php?v_page=31&v_id=8KVKWmfznwDbzahM HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.touslesdrivers.com
    Connection: Keep-Alive
Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp | String found in binary or memory: Usage: curl [options...] <url>
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpString found in binary or memory: Usage: curl [options...] <url>
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpString found in binary or memory: --ftp-pret Send PRET before PASV (for drftpd) (F) -P, --ftp-port ADR Use PORT with given address instead of PASV (F) --ftp-pasv Use PASV/EPSV instead of PORT (F) --ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F) --ftp-create-dirs Create the remote dirs if not present (F) --ftp-alternative-to-user COMMAND String to replace "USER [name]" (F) --ftp-account DATA Account data string (F) --form-string STRING Specify HTTP multipart POST data (H) -F, --form CONTENT Specify HTTP multipart POST data (H) --false-start Enable TLS False Start. -f, --fail Fail silently (no output at all) on HTTP errors (H) --expect100-timeout SECONDS How long to wait for 100-continue (H) --engine ENGINE Crypto engine (use "--engine list" for list) (SSL) --egd-file FILE EGD socket path for random data (SSL) -D, --dump-header FILE Write the headers to FILE --dns-ipv6-addr IPv6 address to use for DNS requests, dot notation --dns-ipv4-addr IPv4 address to use for DNS requests, dot notation --dns-interface Interface to use for DNS requests --dns-servers DNS server addrs to use: 1.1.1.1;2.2.2.2 --disable-epsv Inhibit using EPSV (F) --disable-eprt Inhibit using EPRT or LPRT (F) --digest Use HTTP Digest Authentication (H) --delegation STRING GSS-API delegation permission --data-urlencode DATA HTTP POST data url encoded (H) --data-binary DATA HTTP POST binary data (H) --data-ascii DATA HTTP POST ASCII data (H) --data-raw DATA HTTP POST data, '@' allowed (H) -d, --data DATA HTTP POST data (H) --crlfile FILE Get a CRL list in PEM format from the given file --crlf Convert LF to CRLF in upload --create-dirs Create necessary local directory hierarchy -c, --cookie-jar FILE Write cookies to FILE after operation (H) -b, --cookie STRING/FILE Read cookies from STRING/FILE (H) -C, --continue-at OFFSET Resumed transfer OFFSET --connect-to 
HOST1:PORT1:HOST2:PORT2 Connect to host (network level) --connect-timeout SECONDS Maximum time allowed for connection -K, --config FILE Read config from FILE --compressed Request compressed response (using deflate or gzip) --ciphers LIST SSL ciphers to use (SSL) --cert-type TYPE Certificate file type (DER/PEM/ENG) (SSL) --cert-status Verify the status of the server certificate (SSL) -E, --cert CERT[:PASSWD] Client certificate file and password (SSL) --capath DIR CA directory to verify peer against (SSL) --cacert FILE CA certificate to verify peer against (SSL) --basic Use HTTP Basic Authentication (H) -a, --append Append to target file when uploading (F/SFTP) --anyauth Pick "any" authentication method (H)Options: (H) means HTTP/HTTPS only, (F) means FTP onlyUsage: curl [options...] <url>Features: %s Protocols: curl 7.51.0 (x86_64-pc-win32) %s
                          Source: unknown DNS traffic detected: queries for: www.touslesdrivers.com
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: ftp://cool.haxx.se/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: ftp://ftp.com/moo.exe
                          Source: curl_x64.exe String found in binary or memory: ftp://ftp.funet.fi/README
                          Source: curl_x64.exe String found in binary or memory: ftp://ftp.leachsite.com/README
                          Source: curl_x64.exe String found in binary or memory: ftp://ftp.server.com/path/file
                          Source: curl_x64.exe String found in binary or memory: ftp://ftp.sunet.se/pub/www/utilities/curl/
                          Source: curl_x64.exe String found in binary or memory: ftp://ftp.sunet.se/pub/www/utilities/curl/SEE
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://curl.haxx.se/0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://help.with.curl.com/curlhelp.html
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://machine.domain/full/path/to/file
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://ocsp.thawte.com0
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://remote.server.com/remote.html
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://that.secret.site.com
                          Source: curl_x64.exe String found in binary or memory: http://that.secret.site.comEXTRA
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://trust.web.de/crl/ca03.crl0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://url.com/file.txt
                          Source: detection.exe, 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp String found in binary or memory: http://www.abyssmedia.com
                          Source: curl_x64.exe String found in binary or memory: http://www.drh-consultancy.d
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.drh-consultancy.demon.co.uk/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.formpost.com/getthis/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.formpost.com/getthis/post.cgi
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.get.this/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.nationsbank.com/
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.netscape.com/
                          Source: curl_x64.exe String found in binary or memory: http://www.netscape.com/HTTPS
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.netscape.com/index.html
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.post.com/postit.cgi
                          Source: curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.server.com/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.showme.com/
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmp String found in binary or memory: http://www.touslesdrivers.com/index.php?v_page=31&v_id=
                          Source: detection.exe, 00000004.00000003.399270098.00000000009F9000.00000004.00000001.sdmp, detection.exe, 00000004.00000002.405879804.0000000002AE8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.400133733.0000000002ABB000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmp String found in binary or memory: http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
                          Source: detection.exe, 00000004.00000002.404454752.00000000009DC000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.398665475.00000000009DA000.00000004.00000001.sdmp String found in binary or memory: http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahMAzOh
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp String found in binary or memory: http://www.touslesdrivers.com/index.php?v_page=31&v_id=V
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp, Mes_Drivers_3.0.4.exe, 00000001.00000002.410166298.0000000002810000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp String found in binary or memory: http://www.touslesdrivers.com/php/mes_drivers/code_source.php
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.upload.com/myfile
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.weirdserver.com:8000/
                          Source: curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: http://www.where.com/guest.cgi
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se
                          Source: curl_x64.exe String found in binary or memory: https://curl.haxx.se/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/P
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/docs/
                          Source: curl_x64.exe String found in binary or memory: https://curl.haxx.se/docs/copyright.html
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                          Source: curl_x64.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/docs/sslcerts.html
                          Source: curl_x64.exe String found in binary or memory: https://curl.haxx.se/docs/sslcerts.htmlcurl
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/libcurl/c/curl_easy_setopt.html
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/mail/.
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://curl.haxx.se/rfc/rfc2255.txt
                          Source: curl_x64.exe String found in binary or memory: https://curl.haxx.seFTP
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://ftp.mozilla.org
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://git.fedora-
                          Source: curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://secure.site.com/
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: https://trust.web.de/crl/ca03.crl0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: https://trust.web.de0
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp String found in binary or memory: https://trust.web.de01
                          Source: curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://www.openssl.org/docs/apps/ciphers.html
                          Source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp String found in binary or memory: https://www.secure-site.com
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=.S
                          Source: detection.exe, 00000004.00000003.399270098.00000000009F9000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_versio
                          Source: detection.exe, 00000004.00000003.399826501.0000000000A22000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4
                          Source: detection.exe, 00000004.00000003.400740202.0000000000A3F000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4work
                          Source: detection.exe, 00000004.00000002.404357113.000000000099B000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4x
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=
                          Source: curl_x64.exe, 0000000B.00000002.232370646.00000000009D0000.00000004.00000040.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4
                          Source: detection.exe, 00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4ahM&v_version=indo
                          Source: detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp String found in binary or memory: https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=Ad
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
                          Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
                          Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
                          Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
                          Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
                          Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
                          Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
                          Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
                          Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
                          Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
                          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
                          Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
                          Source: unknown HTTPS traffic detected: 46.105.202.207:443 -> 192.168.2.5:49741 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 46.105.202.207:443 -> 192.168.2.5:49740 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.26.7.39:443 -> 192.168.2.5:49747 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.26.7.39:443 -> 192.168.2.5:49748 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.180.226:443 -> 192.168.2.5:49743 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.180.226:443 -> 192.168.2.5:49742 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 35.227.209.167:443 -> 192.168.2.5:49752 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 35.227.209.167:443 -> 192.168.2.5:49751 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 216.58.214.194:443 -> 192.168.2.5:49755 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 216.58.214.194:443 -> 192.168.2.5:49756 version: TLS 1.2
                          Source: detection.exe, 00000004.00000002.404267982.000000000097A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00456370 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe Code function: 1_2_00451718
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe Code function: 1_2_00412816
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe Code function: 1_2_00407E34
                          Source: C:\Users\user\AppData\Local\Temp\detection.exe Code function: 4_2_0041313A
                          Source: C:\Users\user\AppData\Local\Temp\detection.exe Code function: 4_2_00408724
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0042F130
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0040D4E9
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_004264A1
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00448670
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00422960
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0044A090
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00416370
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00456370
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045D484
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00453670
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045D729
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00467800
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045F820
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_004288F0
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00440900
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045EAB0
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0044DB60
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00452C90
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00472D70
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00468DC0
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00413E00
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0044CE20
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045CE2F
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_00451EA0
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0043CF40
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: 11_2_0045CFD0
                          Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe Code function: 17_2_00007FF7A745286C
                          Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe Code function: 17_2_00007FF7A7451970
                          Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe Code function: 17_2_00007FF7A7455890
                          Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe Code function: 17_2_00007FF7A7453EA0
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697683750
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697692810
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF69768CA14
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697684840
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697688900
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697681300
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF69768B4C0
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF69768FD60
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697681760
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697682750
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF69768D54C
                          Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe Code function: 36_2_00007FF697681000
                          Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\aes_x86.exe B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00427190 appears 312 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00427290 appears 328 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 0041C050 appears 36 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 0045FEC0 appears 47 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00414800 appears 35 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 0045FB50 appears 375 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00402DA0 appears 40 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 0040ACC0 appears 38 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00454EB0 appears 42 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 0045AEF0 appears 31 times
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe Code function: String function: 00414970 appears 57 times
                          Source: aes_x64.exe.4.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                          Source: aes_x86.exe.4.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                          Source: curl_x64.exe.4.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000002.410587105.0000000002E80000.00000002.00000001.sdmp Binary or memory string: System.OriginalFileName vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000003.220926484.000000000282F000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameMsMpLics.dllj% vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamewaitfor.exej% vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp Binary or memory string: OriginalFilename8 vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000002.411022700.0000000002F80000.00000002.00000001.sdmp Binary or memory string: originalfilename vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exe, 00000001.00000002.411022700.0000000002F80000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Mes_Drivers_3.0.4.exe
                          Source: Mes_Drivers_3.0.4.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
                          Source: 00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmp, type: MEMORYMatched rule: webshell_asp_generic date = 2021/03/07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, license = https://creativecommons.org/licenses/by-nc/4.0/, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75
                          Source: classification engineClassification label: mal72.evad.winEXE@52/81@9/7
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exeCode function: 11_2_004183B4 GetLastError,FormatMessageA,GetLastError,SetLastError,11_2_004183B4
                          Source: C:\Users\user\AppData\Local\Temp\detect_x64.exeCode function: 17_2_00007FF7A7451194 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,InitiateSystemShutdownExW,17_2_00007FF7A7451194
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeCode function: 1_2_00419CF4 GetDiskFreeSpaceW,1_2_00419CF4
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeCode function: 1_2_00448AA4 CoCreateInstance,1_2_00448AA4
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeCode function: 1_2_0043D5F0 FindResourceW,LoadResource,SizeofResource,LockResource,1_2_0043D5F0
                          Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB2B1FBA-DF79-11EB-90E5-ECF4BB570DC9}.dat
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:120:WilError_01
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2904:120:WilError_01
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeFile created: C:\Users\user\AppData\Local\Temp\detection.exeJump to behavior
                          Source: Yara matchFile source: Mes_Drivers_3.0.4.exe, type: SAMPLE
                          Source: Yara matchFile source: 4.2.detection.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 1.2.Mes_Drivers_3.0.4.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 1.0.Mes_Drivers_3.0.4.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000001.00000000.218185318.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, type: MEMORY
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Caption, Manufacturer, MaxClockSpeed, Name, SocketDesignation FROM Win32_Processor
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeFile read: C:\Users\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\curl_x64.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                          Source: C:\Windows\SysWOW64\waitfor.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Mes_Drivers_3.0.4.exe | Virustotal: Detection: 11%
Source: Mes_Drivers_3.0.4.exe | Metadefender: Detection: 13%
Source: Mes_Drivers_3.0.4.exe | ReversingLabs: Detection: 16%
Source: curl_x64.exe | String found in binary or memory: curl: try 'curl --help' or 'curl --manual' for more information
Source: curl_x64.exe | String found in binary or memory: document that is newer than the specified date/time. If this option is used several times, the last one will be used. -h, --help Usage help. This lists all current command line options with a s
Source: curl_x64.exe | String found in binary or memory: This option requires that libcurl was built with a resolver backend that supports this operation. The c-ares backend is the only such one. (Added in 7.33.0) --dns-servers <ip-address,ip-address>
Source: curl_x64.exe | String found in binary or memory: This option requires that libcurl was built with a resolver backend that supports this operation. The c-ares backend is the only such one. (Added in 7.33.0) --dns-ipv6-addr <ip-address> Tel
Source: curl_x64.exe | String found in binary or memory: Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the 'start-stop' range syntax. If a non-digit character is given in the range, the server's response will be unspecified, de
Source: curl_x64.exe | String found in binary or memory: This option requires that libcurl was built with a resolver backend that supports this operation. The c-ares backend is the only such one. (Added in 7.33.0) --dns-ipv4-addr <ip-address> Tell
Source: detect_x64.exe | String found in binary or memory: positioned on the newly-added filter. ! Deletes the next occurrence of the specified filter. When the subcommand
Source: detect_x64.exe | String found in binary or memory: ng of the list. When the subcommand completes, the cursor is positioned on the newly-added filter. + Add after
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File read: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
Source: unknown | Process created: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe 'C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe'
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C START '' 'C:\Users\user\AppData\Local\Temp\interface.lnk'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process created: C:\Users\user\AppData\Local\Temp\detection.exe 'C:\Users\user\AppData\Local\Temp\detection.exe'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\interface.cmd' '
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\mode.com MODE CON: COLS=76 LINES=15
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' VER '
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe FINDSTR /I /R /C:'version 5\.[0-1]\.'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request GET 'https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\sc.exe SC query Winmgmt
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\aes_x64.exe 'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' -
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C START '' 'http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7120 CREDAT:17410 /prefetch:2
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Mes_Drivers_3.0.4.exe | Static PE information: certificate valid
Source: Mes_Drivers_3.0.4.exe | Static file information: File size 1624440 > 1048576
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: Mes_Drivers_3.0.4.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x130400
Source: Binary string: devcon.pdb | source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, detect_x64.exe, 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb | source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\x64\Release\aescrypt.pdb | source: detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp
Source: Binary string: waitfor.pdb | source: Mes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp

Data Obfuscation:

Detected unpacking (changes PE section rights)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Unpacked PE file: 4.2.detection.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W; (section rights in the memory dump versus the dropped file on disk: the packer stub has made both MPRESS sections writable to decompress into them, so the dump, not the file on disk, is the image to disassemble)
Obfuscated command line found
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\aes_x64.exe 'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' -
Note: the token this signature flags is not an obfuscated command but the value of the -p option of AES Crypt (the dropped aes_x64.exe carries the aescrypt.pdb path listed under the PDB strings above). It is a 64-character password passed in cleartext on the command line; -e encrypts standard input (the trailing -) into the -o output file, which the next curl_x64.exe invocation POSTs as the v_configuration form field. Any host telemetry that records command lines (Sysmon event ID 1, EDR process-creation logs) therefore also records the key to the uploaded configuration blob.
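Added example (Python), not part of the Joe Sandbox report and not code from the Mes Drivers software: it reconstructs the encrypt-then-upload chain from "Process created" entries like the ones listed above and reports the cleartext password without logging its value. SAMPLE_LOG is constructed from four of the report's own process-creation lines (with a "|" separator added); the rule names and the tokenizer are the example's own, and the tokenizer assumes the quoting as rendered on this page.

```python
"""Reconstruct the encrypt-then-upload chain from sandbox 'Process created' lines.

Added example, not part of the Joe Sandbox report. SAMPLE_LOG is constructed from
the report's entries (four of the process-creation lines, separator '|' added);
rule names are this script's own.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process created: C:\Users\user\AppData\Local\Temp\detection.exe 'C:\Users\user\AppData\Local\Temp\detection.exe'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\aes_x64.exe 'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' -
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
"""

LINE_RE = re.compile(r"^Source: (?P<parent>.+?) \| Process created: (?P<image>\S+) (?P<cmdline>.*)$")


def split_cmdline(cmdline):
    """Tokenise a Windows command line: whitespace separates arguments, single or
    double quotes group, backslashes are ordinary characters (path separators).
    An empty quoted string ('' as in START '' url) yields an empty argument."""
    argv, cur, quote, in_token = [], [], None, False
    for ch in cmdline:
        if quote:
            if ch == quote:
                quote = None
            else:
                cur.append(ch)
        elif ch in ("'", '"'):
            quote, in_token = ch, True
        elif ch.isspace():
            if in_token:
                argv.append("".join(cur))
                cur, in_token = [], False
        else:
            cur.append(ch)
            in_token = True
    if in_token:
        argv.append("".join(cur))
    return argv


def parse_process_events(log):
    """Return {parent, image, argv} for each 'Process created' line."""
    events = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"parent": m.group("parent"), "image": m.group("image"),
                           "argv": split_cmdline(m.group("cmdline"))})
    return events


def process_tree(events):
    """parent image -> list of child images, in creation order."""
    tree = defaultdict(list)
    for ev in events:
        tree[ev["parent"]].append(ev["image"])
    return dict(tree)


def option_value(argv, *flags):
    """Value following the first of `flags` present in argv, else None."""
    for i, arg in enumerate(argv[:-1]):
        if arg in flags:
            return argv[i + 1]
    return None


def find_chain(events):
    """Two rules: a password on an aescrypt-style command line, and a curl --form
    upload whose file is the output of that encryption."""
    findings, encrypted_outputs = [], {}
    for ev in events:
        name = ev["image"].rsplit("\\", 1)[-1].lower()
        argv = ev["argv"]
        if name.startswith("aes") and "-e" in argv:
            password = option_value(argv, "-p")
            output = option_value(argv, "-o")
            if password is not None:
                findings.append({"rule": "cleartext_password_on_argv", "image": name,
                                 "password_len": len(password),  # never log the value
                                 "plaintext_from_stdin": argv[-1] == "-"})
            if output:
                encrypted_outputs[output.lower()] = name
        elif name.startswith("curl"):
            form = option_value(argv, "--form", "-F")
            url = next((a for a in argv if a.startswith(("http://", "https://"))), None)
            if form and "=" in form:
                field, src = form.split("=", 1)
                path = src[1:] if src[:1] in ("<", "@") else None  # curl file syntax
                if path and path.lower() in encrypted_outputs:
                    findings.append({"rule": "encrypted_file_uploaded", "field": field,
                                     "encrypted_by": encrypted_outputs[path.lower()],
                                     "method": option_value(argv, "--request", "-X") or "GET",
                                     "url": url})
    return findings


if __name__ == "__main__":
    events = parse_process_events(SAMPLE_LOG)
    for parent, children in process_tree(events).items():
        print(parent, "->", [c.rsplit("\\", 1)[-1] for c in children])
    for finding in find_chain(events):
        print(finding)
```

The second rule only fires when the uploaded path was earlier named by an -o option of an encryption command, which is what distinguishes this chain from an ordinary curl file upload; the password is reported by length only so the finding itself does not duplicate the leak.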
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_0042C2E0 GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA
Source: initial sample | Static PE information: section where entry point is pointing to: .MPRESS2
Source: Mes_Drivers_3.0.4.exe | Static PE information: section name: .didata
Source: detection.exe.1.dr | Static PE information: section name: .MPRESS1
Source: detection.exe.1.dr | Static PE information: section name: .MPRESS2
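Added example (Python, standard library only), not from the report: a minimal PE section-table reader that reproduces the two static checks this section reports, the rights of each section and the section that holds the entry point, and diffs the rights of an on-disk file against a memory dump, which is the condition behind "changes PE section rights". Because the sample itself is not available here, it builds two constructed header-only images with the section names the report lists (.MPRESS1, .MPRESS2, .rsrc); their RVAs and sizes are assumptions, and the constants and flag rendering (E, R, W) follow the PE specification rather than any Joe Sandbox code.

```python
"""Static PE section checks: W+X sections, entry-point section, disk-vs-dump rights diff.

Added example, not part of the Joe Sandbox report. Pure standard library so it runs
offline; the two images below are constructed headers only, not the real detection.exe.
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# (name, virtual address, virtual size, characteristics). Section names follow the
# report; RVAs and sizes are assumed for the example.
DISK_SECTIONS = [
    (".MPRESS1", 0x1000, 0x20000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".MPRESS2", 0x21000, 0x1000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rsrc", 0x22000, 0x130400, IMAGE_SCN_MEM_WRITE),
]
# Same layout as a packer stub leaves it in memory (what a sandbox dumps).
MEMORY_SECTIONS = [
    (".MPRESS1", 0x1000, 0x20000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
    (".MPRESS2", 0x21000, 0x1000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 0x22000, 0x130400, IMAGE_SCN_MEM_WRITE),
]
ENTRY_RVA = 0x21100  # inside .MPRESS2, as the report states for the entry point


def build_test_pe(sections, entry_rva):
    """Assemble a header-only PE32 image (DOS stub, COFF header, optional header,
    section table). Enough for the parser below; it is not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew
    opt_size = 224                                       # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)           # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva,
                    0, 0, 0, 0, 0, 0, flags)
        for name, rva, vsize, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_sections(data):
    """Return (entry_rva, [section dicts]) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    table = pe + 24 + opt_size
    sections = []
    for i in range(nsec):
        (name, vsize, rva, _raw, _ptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "vsize": vsize, "flags": flags})
    return entry, sections


def rights(flags):
    """Render characteristics the way the report does: E, R, W."""
    return "".join(ch for ch, bit in (("E", IMAGE_SCN_MEM_EXECUTE),
                                      ("R", IMAGE_SCN_MEM_READ),
                                      ("W", IMAGE_SCN_MEM_WRITE)) if flags & bit)


def audit(data):
    """Flag writable+executable sections and a non-standard entry-point section."""
    entry, sections = parse_sections(data)
    entry_section = None
    for s in sections:
        if s["rva"] <= entry < s["rva"] + max(s["vsize"], 1):
            entry_section = s["name"]
    return {
        "rights": {s["name"]: rights(s["flags"]) for s in sections},
        "wx": [s["name"] for s in sections
               if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE],
        "entry_section": entry_section,
        "packed_entry": entry_section not in (".text", "CODE"),
    }


def diff_rights(disk, dump):
    """Sections whose rights differ between the on-disk file and a memory dump."""
    on_disk = audit(disk)["rights"]
    in_dump = audit(dump)["rights"]
    return [(name, on_disk[name], in_dump.get(name))
            for name in on_disk if on_disk[name] != in_dump.get(name)]


if __name__ == "__main__":
    disk = build_test_pe(DISK_SECTIONS, ENTRY_RVA)
    dump = build_test_pe(MEMORY_SECTIONS, ENTRY_RVA)
    print(audit(disk))
    print(diff_rights(disk, dump))
```

On a real sample, pass the bytes of the dropped file and of the sandbox's .unpack dump to diff_rights; an entry point outside .text or CODE combined with sections that gain write access in memory is the pattern this report labels as unpacking.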
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004562E0 push 0045636Ch; ret (at 1_2_00456364)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0042C018 push 0042C084h; ret (at 1_2_0042C07C)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004413CC push ecx; mov dword ptr [esp], edx (at 1_2_004413CE)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0043D3D4 push ecx; mov dword ptr [esp], edx (at 1_2_0043D3D6)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00456394 push 0045644Ah; ret (at 1_2_00456442)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00456454 push 004564DFh; ret (at 1_2_004564D7)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0042B50C push ecx; mov dword ptr [esp], ecx (at 1_2_0042B50F)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004145EC push 00414A17h; ret (at 1_2_00414A0F)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0045073C push 00450774h; ret (at 1_2_0045076C)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00449860 push 004498DDh; ret (at 1_2_004498D5)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004508D4 push ecx; mov dword ptr [esp], ecx (at 1_2_004508D7)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004218F4 push 00421A8Eh; ret (at 1_2_00421A86)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004149D4 push 00414A17h; ret (at 1_2_00414A0F)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00451AA8 push 00451AECh; ret (at 1_2_00451AE4)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00444B68 push 00444C35h; ret (at 1_2_00444C2D)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00438E70 push ecx; mov dword ptr [esp], edx (at 1_2_00438E75)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0041FE94 push ecx; mov dword ptr [esp], edx (at 1_2_0041FE99)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0042DEA8 push 0042DEF5h; ret (at 1_2_0042DEED)
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00409FB0 push 0040A037h; ret (at 1_2_0040A02F)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_0040A8D4 push 0040A95Bh; ret (at 4_2_0040A953)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_00414F10 push 0041533Bh; ret (at 4_2_00415333)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\waitfor_x86_2.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\detect_x64_2.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\aes_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\curl_x64.exe
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File created: C:\Users\user\AppData\Local\Temp\detection.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\curl_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\aes_x64.exe
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File created: C:\Users\user\AppData\Local\Temp\waitfor_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\detect_x64.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | File created: C:\Users\user\AppData\Local\Temp\detect_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\sc.exe SC query Winmgmt
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\detection.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT BankLabel, Capacity, PartNumber FROM Win32_PhysicalMemory
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Product, Version FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Caption, SMBIOSBIOSVersion FROM Win32_BIOS
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Caption, InterfaceType, Size FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT MACAddress, Manufacturer, Name FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "PCMCIA\\%" OR PNPDeviceID LIKE "USB\\%"
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT BankLabel, Capacity, PartNumber FROM Win32_PhysicalMemory
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A745286C SetupDiGetDeviceInstallParamsW,SetupDiSetDeviceInstallParamsW,SetupDiBuildDriverInfoList,SetupDiEnumDriverInfoW,SetupDiOpenDevRegKey,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,SetupDiGetDeviceRegistryPropertyW,SetupDiSetDeviceInstallParamsW,SetupDiBuildDriverInfoList,SetupDiEnumDriverInfoW,SetupDiGetDriverInfoDetailW,GetLastError,SetupDiEnumDriverInfoW,SetupDiDestroyDriverInfoList,RegCloseKey, 17_2_00007FF7A745286C
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Window / User API: threadDelayed 1139
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\waitfor_x86_2.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\detect_x64_2.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\aes_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\curl_x86.exe
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\waitfor_x86.exe
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\detect_x86.exe
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | API coverage: 9.8 %
Source: C:\Windows\SysWOW64\waitfor.exe TID: 980 | Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe TID: 2540 | Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe TID: 6984 | Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe TID: 7128 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\detection.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Caption, Manufacturer, MaxClockSpeed, Name, SocketDesignation FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0044C2B0 GetLongPathNameW,FindFirstFileW,FindClose, 1_2_0044C2B0
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004093DC FindFirstFileW,FindClose, 1_2_004093DC
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_004197A4 FindFirstFileW,FindClose, 1_2_004197A4
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00408E18 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW, 1_2_00408E18
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_00409CCC FindFirstFileW,FindClose, 4_2_00409CCC
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_0040B11E FindFirstFileW, 4_2_0040B11E
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_00409708 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW, 4_2_00409708
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_004624F0 FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose, 11_2_004624F0
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A7456560 GetWindowsDirectoryW,FindFirstFileW,FindNextFileW,FindClose, 17_2_00007FF7A7456560
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF69768AA44 FindClose,FindFirstFileExW,FindNextFileW,FindClose, 36_2_00007FF69768AA44
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00409F3C GetSystemInfo, 1_2_00409F3C
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: detect_x64.exe, 00000012.00000003.358084577.000002CC8AB32000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionusAddReg
Source: detect_x64.exe, 00000012.00000003.277605945.000002CC8AA6F000.00000004.00000001.sdmp | Binary or memory string: vmnetextension
Source: waitfor.exe, 0000000D.00000002.245262917.00000000046B0000.00000002.00000001.sdmp, waitfor.exe, 0000000F.00000002.260394870.0000000004D20000.00000002.00000001.sdmp, detect_x64.exe, 00000011.00000002.325684353.000001C1DA470000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: detect_x64.exe, 00000012.00000003.307496512.000002CC8AAFF000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionO@
Source: detect_x64.exe, 00000012.00000003.359448477.000002CC8AAF2000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionu@
Source: detect_x64.exe, 00000012.00000003.313739760.000002CC8AAF5000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionrs
Source: waitfor.exe, 0000000D.00000002.245262917.00000000046B0000.00000002.00000001.sdmp, waitfor.exe, 0000000F.00000002.260394870.0000000004D20000.00000002.00000001.sdmp, detect_x64.exe, 00000011.00000002.325684353.000001C1DA470000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: waitfor.exe, 0000000D.00000002.245262917.00000000046B0000.00000002.00000001.sdmp, waitfor.exe, 0000000F.00000002.260394870.0000000004D20000.00000002.00000001.sdmp, detect_x64.exe, 00000011.00000002.325684353.000001C1DA470000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: detect_x64.exe, 00000012.00000003.306013471.000002CC8AB2C000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionOCIOI;GA;;;SY)(A;;0x1301bf;;;BA)(A;IOCIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;OICIIO;GA;;;CO)(A;CIOI;GRGWGXSD;;;PU)
Source: detect_x64.exe, 00000012.00000003.344834461.000002CC8AA72000.00000004.00000001.sdmp | Binary or memory string: vmnetextension@h(XM
Source: detect_x64.exe, 00000012.00000003.319540550.000002CC8AA8D000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionsystem32\drivers\wfplwfs.sys,-6001g
Source: detect_x64.exe, 00000012.00000003.351611083.000002CC8AA86000.00000004.00000001.sdmp | Binary or memory string: vmnetextensionHh(XM
Source: detect_x64.exe, 00000012.00000003.355404187.000002CC8AB0A000.00000004.00000001.sdmp | Binary or memory string: HKR, Ndi\Interfaces,FilterMediaTypes,,"vmnetextension"
Source: curl_x64.exe, 0000000B.00000002.232324322.0000000000611000.00000004.00000020.sdmp, waitfor.exe, 0000000F.00000002.259868660.0000000002FA7000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: waitfor.exe, 0000000D.00000002.245262917.00000000046B0000.00000002.00000001.sdmp, waitfor.exe, 0000000F.00000002.260394870.0000000004D20000.00000002.00000001.sdmp, detect_x64.exe, 00000011.00000002.325684353.000001C1DA470000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\AppData\Local\Temp\detection.exe | API call chain: ExitProcess graph end node graph_4-6521
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF697688EE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 36_2_00007FF697688EE0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_0042C2E0 GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 11_2_0042C2E0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00464730 EntryPoint,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetCommandLineA, 11_2_00464730
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00418CD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 11_2_00418CD0
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A7456CB0 SetUnhandledExceptionFilter, 17_2_00007FF7A7456CB0
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A7456A94 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 17_2_00007FF7A7456A94
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF69768FD1C SetUnhandledExceptionFilter, 36_2_00007FF69768FD1C
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF697688EE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 36_2_00007FF697688EE0
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Code function: 36_2_00007FF69768BF74 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 36_2_00007FF69768BF74
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C START '' 'C:\Users\user\AppData\Local\Temp\interface.lnk'
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Process created: C:\Users\user\AppData\Local\Temp\detection.exe 'C:\Users\user\AppData\Local\Temp\detection.exe'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\interface.cmd' '
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request GET 'https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\sc.exe SC query Winmgmt
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\detect_x64.exe 'C:\Users\user\AppData\Local\Temp\detect_x64.exe' status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\aes_x64.exe 'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' -
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C START '' 'http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR /S computer /SI unlock
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\mode.com MODE CON: COLS=76 LINES=15
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' VER '
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe FINDSTR /I /R /C:'version 5\.[0-1]\.'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\waitfor.exe WAITFOR unlock
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Process created: C:\Users\user\AppData\Local\Temp\curl_x64.exe 'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
Source: waitfor.exe, 0000000C.00000002.489250483.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: waitfor.exe, 0000000C.00000002.489250483.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: waitfor.exe, 0000000C.00000002.489250483.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: SProgram Managerl
Source: waitfor.exe, 0000000C.00000002.489250483.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd,
Source: waitfor.exe, 0000000C.00000002.489250483.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_00404CA8 cpuid 1_2_00404CA8
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, 1_2_00409514
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: GetLocaleInfoW, 1_2_0042037C
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: EnumSystemLocalesW, 1_2_0042053C
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: GetLocaleInfoW, 1_2_0041D5D8
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: GetLocaleInfoW, 1_2_0041D624
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_004089BC
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, 4_2_00409E04
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: EnumSystemLocalesW, 4_2_0040B10E
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: GetLocaleInfoW, 4_2_0040B1C6
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: GetLocaleInfoW, 4_2_0040B1BE
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 4_2_004092AC
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetUserDefaultLCID,EnumSystemLocalesA,GetUserDefaultLangID,GetLocaleInfoA,GetLocaleInfoA,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA, 11_2_0046D1D0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: EnumSystemLocalesA, 11_2_0046D060
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: EnumSystemLocalesA, 11_2_0046D130
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,MultiByteToWideChar, 11_2_004733A0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA,MultiByteToWideChar, 11_2_004734C7
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA, 11_2_004714A0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,GetLocaleInfoA, 11_2_004735B0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoW,WideCharToMultiByte, 11_2_004736D0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA, 11_2_0046C860
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA, 11_2_0046C9C0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA, 11_2_0046CAD0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 11_2_0046CBE0
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: GetLocaleInfoA, 11_2_0046CF30
Source: C:\Users\user\AppData\Local\Temp\detect_x64.exe | Code function: 17_2_00007FF7A745286C SetupDiGetDeviceInstallParamsW,SetupDiSetDeviceInstallParamsW,SetupDiBuildDriverInfoList,SetupDiEnumDriverInfoW,SetupDiOpenDevRegKey,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,SetupDiGetDeviceRegistryPropertyW,SetupDiSetDeviceInstallParamsW,SetupDiBuildDriverInfoList,SetupDiEnumDriverInfoW,SetupDiGetDriverInfoDetailW,GetLastError,SetupDiEnumDriverInfoW,SetupDiDestroyDriverInfoList,RegCloseKey, 17_2_00007FF7A745286C
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation ActiveTimeBias
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0041BB80 GetLocalTime, 1_2_0041BB80
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00467160 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 11_2_00467160
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0041F038 GetVersionExW, 1_2_0041F038
Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: detect_x64.exe, 00000012.00000003.262044414.000002CC8AAB6000.00000004.00000001.sdmp | Binary or memory string: PGSETUP.EXE
Source: detect_x64.exe, 00000012.00000003.262044414.000002CC8AAB6000.00000004.00000001.sdmp | Binary or memory string: 123.exe
Source: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe | Code function: 1_2_0044F3E4 CreateBindCtx,MkParseDisplayNameEx, 1_2_0044F3E4
Source: C:\Users\user\AppData\Local\Temp\detection.exe | Code function: 4_2_0040B882 CreateBindCtx, 4_2_0040B882
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_0042A600 htons,htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError, 11_2_0042A600
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_00440900 getsockname,WSAGetLastError,WSAGetLastError,htons,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 11_2_00440900
Source: C:\Users\user\AppData\Local\Temp\curl_x64.exe | Code function: 11_2_0043AFF0 bind,WSAGetLastError, 11_2_0043AFF0

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation 511 | Windows Service 1 | Access Token Manipulation 1 | Deobfuscate/Decode Files or Information 11 | Input Capture 1 | System Time Discovery 12 | Exploitation of Remote Services 1 | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1 |
| Default Accounts | Native API 3 | Boot or Logon Initialization Scripts | Windows Service 1 | Obfuscated Files or Information 3 | LSASS Memory | File and Directory Discovery 3 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 22 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Command and Scripting Interpreter 112 | Logon Script (Windows) | Process Injection 12 | Software Packing 11 | Security Account Manager | System Information Discovery 247 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | Service Execution 1 | Logon Script (Mac) | Logon Script (Mac) | Masquerading 1 | NTDS | Query Registry 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 4 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 32 | LSA Secrets | Security Software Discovery 541 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 32 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 12 | DCSync | Process Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |

                          Behavior Graph

Behavior Graph ID: 445340 | Sample: Mes_Drivers_3.0.4.exe | Startdate: 07/07/2021 | Architecture: WINDOWS | Score: 72

Process tree recovered from the graph, with the dropped files, signatures and network contacts attached to each process:

• Start: Antivirus detection for URL or domain; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file
  • Mes_Drivers_3.0.4.exe
    - Dropped: C:\Users\user\AppData\Local\...\detection.exe (MS-DOS); C:\Users\user\AppData\...\waitfor_x86.exe (PE32)
    • detection.exe
      - Dropped: C:\Users\user\AppData\Local\...\aes_x86.exe (PE32); C:\Users\user\AppData\Local\...\aes_x64.exe (PE32+); C:\Users\user\AppData\...\waitfor_x86_2.exe (PE32); 5 other files (none is malicious)
      - Signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines); 5 other signatures
      • aes_x64.exe
        - Dropped: C:\Users\user\AppData\...\8KVKWmfznwDbzahM (data)
      • cmd.exe
        • iexplore.exe
          - Contacts: www.touslesdrivers.com; srv1.touslesdrivers.com
          • iexplore.exe
            - Contacts: 46-105-202-207.any.cdn.anycast.me (46.105.202.207, 443, 49740, 49741, OVHFR France); partnerad.l.doubleclick.net (142.250.180.226, 443, 49742, 49743, GOOGLEUS United States); 8 other IPs or domains
      • curl_x64.exe
        - Contacts: srv1.touslesdrivers.com (85.31.204.81, 443, 49718, 49734, JAGUAR-ASFR Sweden); www.touslesdrivers.com
      • 12 other processes
        - Contacts: www.touslesdrivers.com
    • cmd.exe
      • cmd.exe
        • conhost.exe
          - Contacts: 192.168.2.1 (unknown)
        • cmd.exe
        • waitfor.exe
        • 2 other processes
      • conhost.exe

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

Source | Detection | Scanner | Label
Mes_Drivers_3.0.4.exe | 12% | Virustotal |
Mes_Drivers_3.0.4.exe | 14% | Metadefender |
Mes_Drivers_3.0.4.exe | 17% | ReversingLabs |

                          Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\aes_x64.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\aes_x64.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\aes_x86.exe | 21% | Metadefender |
C:\Users\user\AppData\Local\Temp\aes_x86.exe | 21% | ReversingLabs | Win32.Packed.Generic
C:\Users\user\AppData\Local\Temp\curl_x64.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\curl_x64.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\curl_x86.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\curl_x86.exe | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\detect_x64.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\detect_x64.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\detect_x64_2.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\detect_x64_2.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\detect_x86.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\detect_x86.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\detection.exe | 10% | Metadefender |
C:\Users\user\AppData\Local\Temp\detection.exe | 28% | ReversingLabs | Win32.Infostealer.Limitail

                          Unpacked PE Files

Source | Detection | Scanner | Label
4.2.detection.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
4.1.detection.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

                          Domains

Source | Detection | Scanner | Label
46-105-202-207.any.cdn.anycast.me | 0% | Virustotal |
cdn.appconsent.io | 1% | Virustotal |
ads.sportslocalmedia.com | 1% | Virustotal |

                          URLs

Source | Detection | Scanner | Label
http://www.post.com/postit.cgi | 0% | Avira URL Cloud | safe
http://help.with.curl.com/curlhelp.html | 0% | Avira URL Cloud | safe
http://www.weirdserver.com:8000/ | 0% | Avira URL Cloud | safe
http://www.nationsbank.com/ | 100% | Avira URL Cloud | phishing
https://www.secure-site.com | 0% | Avira URL Cloud | safe
https://trust.web.de0 | 0% | Avira URL Cloud | safe
http://machine.domain/full/path/to/file | 0% | Avira URL Cloud | safe
http://www.formpost.com/getthis/post.cgi | 0% | Avira URL Cloud | safe
https://git.fedora- | 0% | Avira URL Cloud | safe
http://www.abyssmedia.com | 0% | Avira URL Cloud | safe
http://that.secret.site.comEXTRA | 0% | Avira URL Cloud | safe
http://www.where.com/guest.cgi | 0% | Avira URL Cloud | safe
http://ocsp.thawte.com0 | 0% | URL Reputation | safe
https://curl.haxx.seFTP | 0% | Avira URL Cloud | safe
https://trust.web.de01 | 0% | Avira URL Cloud | safe
http://www.drh-consultancy.d | 0% | Avira URL Cloud | safe
ftp://ftp.leachsite.com/README | 0% | Avira URL Cloud | safe
http://www.formpost.com/getthis/ | 0% | Avira URL Cloud | safe
ftp://ftp.com/moo.exe | 0% | Avira URL Cloud | safe
http://www.drh-consultancy.demon.co.uk/ | 0% | Avira URL Cloud | safe
http://www.get.this/ | 0% | Avira URL Cloud | safe
http://www.upload.com/myfile | 0% | Avira URL Cloud | safe

                          Domains and IPs

                          Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
partnerad.l.doubleclick.net | 142.250.180.226 | true | false | | high
googleads.g.doubleclick.net | 216.58.214.194 | true | false | | high
srv1.touslesdrivers.com | 85.31.204.81 | true | false | | high
46-105-202-207.any.cdn.anycast.me | 46.105.202.207 | true | false | | unknown
cdn.appconsent.io | 35.227.209.167 | true | false | | unknown
tags.smilewanted.com | 104.26.7.39 | true | false | | high
securepubads.g.doubleclick.net | unknown | unknown | false | | high
ads.sportslocalmedia.com | unknown | unknown | false | | unknown
www.touslesdrivers.com | unknown | unknown | false | | high

                                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM | false | | high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://www.post.com/postit.cgicurl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://trust.web.de/crl/ca03.crl0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                          high
                                          http://help.with.curl.com/curlhelp.htmldetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          ftp://ftp.sunet.se/pub/www/utilities/curl/SEEcurl_x64.exefalse
                                            high
                                            https://secure.site.com/curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                              high
                                              ftp://ftp.funet.fi/READMEcurl_x64.exefalse
                                                high
                                                https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4detection.exe, 00000004.00000003.399826501.0000000000A22000.00000004.00000001.sdmpfalse
                                                  high
                                                  http://that.secret.site.comdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                    high
                                                    http://www.weirdserver.com:8000/curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.nationsbank.com/detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmptrue
                                                    • Avira URL Cloud: phishing
                                                    unknown
                                                    https://curl.haxx.se/libcurl/c/curl_easy_setopt.htmlcurl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                      high
                                                      ftp://ftp.sunet.se/pub/www/utilities/curl/curl_x64.exefalse
                                                        high
                                                        http://curl.haxx.se/0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                          high
                                                          http://trust.web.de/crl/ca03.crl0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                            high
                                                            https://www.secure-site.comdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahMAzOhdetection.exe, 00000004.00000002.404454752.00000000009DC000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.398665475.00000000009DA000.00000004.00000001.sdmpfalse
                                                              high
                                                              https://curl.haxx.se/docs/http-cookies.htmldetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                high
                                                                https://curl.haxx.se/docs/http-cookies.html#curl_x64.exefalse
                                                                  high
                                                                  https://trust.web.de0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://curl.haxx.se/Pdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmpfalse
                                                                    high
                                                                    https://www.openssl.org/docs/apps/ciphers.htmlcurl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                      high
                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        https://curl.haxx.se/docs/copyright.htmlDdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmpfalse
                                                                          high
                                                                          https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=.Sdetection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmpfalse
                                                                            high
                                                                            https://curl.haxx.se/docs/detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                              high
                                                                              http://machine.domain/full/path/to/filedetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://curl.haxx.securl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                high
                                                                                http://www.formpost.com/getthis/post.cgidetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://ftp.mozilla.orgdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                  high
                                                                                  https://git.fedora-detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  low
                                                                                  http://www.abyssmedia.comdetection.exe, 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.netscape.com/index.htmldetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                    high
                                                                                    http://that.secret.site.comEXTRAcurl_x64.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://curl.haxx.se/rfc/rfc2255.txtdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                      high
                                                                                      https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4curl_x64.exe, 0000000B.00000002.232370646.00000000009D0000.00000004.00000040.sdmpfalse
                                                                                        high
                                                                                        https://curl.haxx.se/mail/.detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                          high
                                                                                          http://www.where.com/guest.cgicurl_x64.exe, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://ocsp.thawte.com0detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://www.touslesdrivers.com/php/mes_drivers/code_source.phpMes_Drivers_3.0.4.exe, 00000001.00000003.407054994.00000000023C7000.00000004.00000001.sdmp, Mes_Drivers_3.0.4.exe, 00000001.00000002.410166298.0000000002810000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://curl.haxx.seFTPcurl_x64.exefalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://url.com/file.txtdetection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                              high
                                                                                              https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4ahM&v_version=indodetection.exe, 00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  ftp://cool.haxx.se/detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                                    high
                                                                                                    https://trust.web.de01detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.netscape.com/curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                                      high
                                                                                                      http://remote.server.com/remote.htmlcurl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                                        high
                                                                                                        https://curl.haxx.se/docs/sslcerts.htmlcurlcurl_x64.exefalse
                                                                                                          high
                                                                                                          ftp://ftp.server.com/path/filecurl_x64.exefalse
                                                                                                            high
                                                                                                            http://www.touslesdrivers.com/index.php?v_page=31&v_id=detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              https://curl.haxx.se/docs/sslcerts.htmlcurl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.drh-consultancy.dcurl_x64.exefalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://www.showme.com/detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.netscape.com/HTTPScurl_x64.exefalse
                                                                                                                    high
https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_versio | detection.exe, 00000004.00000003.399270098.00000000009F9000.00000004.00000001.sdmp | false | - | high
https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4work | detection.exe, 00000004.00000003.400740202.0000000000A3F000.00000004.00000001.sdmp | false | - | high
ftp://ftp.leachsite.com/README | curl_x64.exe | false | Avira URL Cloud: safe | unknown
http://www.server.com/ | curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | - | high
http://www.formpost.com/getthis/ | detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.touslesdrivers.com/index.php?v_page=31&v_id=V | detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp | false | - | high
https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version= | detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp, detection.exe, 00000004.00000003.226335116.0000000002AB1000.00000004.00000001.sdmp | false | - | high
ftp://ftp.com/moo.exe | detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4x | detection.exe, 00000004.00000002.404357113.000000000099B000.00000004.00000001.sdmp | false | - | high
http://www.drh-consultancy.demon.co.uk/ | detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=Ad | detection.exe, 00000004.00000003.228885857.0000000002AB8000.00000004.00000001.sdmp | false | - | high
http://www.get.this/ | curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://curl.haxx.se/docs/copyright.html | curl_x64.exe | false | - | high
http://www.upload.com/myfile | detection.exe, 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, curl_x64.exe, 0000000B.00000000.230122223.0000000000475000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://curl.haxx.se/ | curl_x64.exe | false | - | high

Contacted IPs


Public

IP | Domain | Country | ASN | ASN Name | Malicious
85.31.204.81 | srv1.touslesdrivers.com | Sweden | 30781 | JAGUAR-ASFR | false
46.105.202.207 | 46-105-202-207.any.cdn.anycast.me | France | 16276 | OVHFR | false
142.250.180.226 | partnerad.l.doubleclick.net | United States | 15169 | GOOGLEUS | false
104.26.7.39 | tags.smilewanted.com | United States | 13335 | CLOUDFLARENETUS | false
35.227.209.167 | cdn.appconsent.io | United States | 15169 | GOOGLEUS | false
216.58.214.194 | googleads.g.doubleclick.net | United States | 15169 | GOOGLEUS | false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 445340
Start date: 07.07.2021
Start time: 16:17:26
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 13m 13s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Mes_Drivers_3.0.4.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 45
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.evad.winEXE@52/81@9/7
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 10.2% (good quality ratio 8.7%)
• Quality average: 63.5%
• Quality standard deviation: 34.3%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 104.42.151.234, 131.253.33.200, 13.107.22.200, 52.255.188.83, 151.139.128.14, 23.35.236.56, 20.82.210.154, 173.222.108.210, 173.222.108.226, 40.112.88.60, 80.67.82.211, 80.67.82.235, 23.203.80.193, 172.217.20.2, 142.250.180.238, 152.199.19.161
• Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, www.bing.com, fs.microsoft.com, ocsp.usertrust.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, pagead2.googlesyndication.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
• Not all processes were analysed; the report is missing behaviour information.
• Report size exceeded maximum capacity and may have missing behaviour information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
16:18:27 | API Interceptor | 4x Sleep call for process: waitfor.exe modified

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | Detection | Context
85.31.204.81 | https://fichiers2.touslesdrivers.com/Mes_Drivers_3.0.4.exe | malicious | www.touslesdrivers.com/index.php?v_page=31&v_id=qh9KWfRS01S5Sbvf

Domains

Match | Associated Sample Name / URL | Detection | Context
tags.smilewanted.com | https://fichiers2.touslesdrivers.com/Mes_Drivers_3.0.4.exe | malicious | 104.24.19.41
srv1.touslesdrivers.com | https://fichiers2.touslesdrivers.com/Mes_Drivers_3.0.4.exe | malicious | 85.31.204.81

ASN

Match | Associated Sample Name / URL | Detection | Context
JAGUAR-ASFR | ZCOE3V1Cvt.exe | malicious | 194.242.45.41
JAGUAR-ASFR | SecuriteInfo.com.BehavesLike.Win32.Generic.cm.exe | malicious | 194.242.45.41
JAGUAR-ASFR | SecuriteInfo.com.Trojan.PackedNET.540.9726.exe | malicious | 194.242.45.41
JAGUAR-ASFR | SilaeClient.application | malicious | 31.7.255.66
JAGUAR-ASFR | X1xGVS7K4qY.doc | malicious | 194.88.246.242
JAGUAR-ASFR | X1xGVS7K4qY.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Outstanding Invoices.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Outstanding Invoices.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Media Shower.exe | malicious | 194.88.246.242
JAGUAR-ASFR | 67207.exe | malicious | 194.88.246.242
JAGUAR-ASFR | 2018.doc | malicious | 194.88.246.242
JAGUAR-ASFR | 2018.doc | malicious | 194.88.246.242
JAGUAR-ASFR | AYkrhDP.doc | malicious | 194.88.246.242
JAGUAR-ASFR | AYkrhDP.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Fwd_ ACH form.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Fwd_ ACH form.doc | malicious | 194.88.246.242
JAGUAR-ASFR | emotet2.exe | malicious | 194.88.246.242
JAGUAR-ASFR | LSteR4mqIIzH3.doc | malicious | 194.88.246.242
JAGUAR-ASFR | LSteR4mqIIzH3.doc | malicious | 194.88.246.242
JAGUAR-ASFR | Outstanding Invoices.doc | malicious | 194.88.246.242
OVHFR | NWMEaRqF7s.exe | malicious | 5.39.91.110
OVHFR | OMJe815AqT.exe | malicious | 51.254.241.28
OVHFR | His4jRklYe.exe | malicious | 51.79.119.231
OVHFR | 4z5jQqNiJl.exe | malicious | 51.75.77.27
OVHFR | H9QnI1DbC1.exe | malicious | 142.44.243.6
OVHFR | Wws1Rnd02H.exe | malicious | 176.31.117.84
OVHFR | HTbemZcLWN.exe | malicious | 176.31.117.84
OVHFR | nC4niiFqg0.exe | malicious | 176.31.117.84
OVHFR | i | malicious | 192.99.3.72
OVHFR | 978B4AC05A227B23EF7E4FADFF92966339BA1413BAC5A.exe | malicious | 188.165.207.8
OVHFR | 62EAE1F670683A10909351D0DBA4C6CBDADD53C056FE5.exe | malicious | 51.68.125.34
OVHFR | 7xhLwiPIrR.exe | malicious | 142.44.243.6
OVHFR | SoMuAF6xvf.dll | malicious | 54.39.106.25
OVHFR | SoMuAF6xvf.dll | malicious | 54.39.106.25
OVHFR | 19495C90691E8B6EEF5D55D50B9D76AE6CEB5629D6C08.exe | malicious | 142.4.200.50
OVHFR | u867uMlwux.dll | malicious | 54.39.106.25
OVHFR | Payment Slip.xlsb | malicious | 178.33.222.243
                                                                                                                                      2020-TAX-EXTENSION.docGet hashmaliciousBrowse
                                                                                                                                      • 145.239.131.55
                                                                                                                                      Gift Card 0796907.xlsbGet hashmaliciousBrowse
                                                                                                                                      • 217.182.175.206
                                                                                                                                      Gift Card 0796907.xlsbGet hashmaliciousBrowse
                                                                                                                                      • 217.182.175.206
                                                                                                                                      CLOUDFLARENETUSPW1-WO-004 PDF.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.19.200
                                                                                                                                      4997169.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.80.171
                                                                                                                                      INVITATI.EXEGet hashmaliciousBrowse
                                                                                                                                      • 104.21.19.200
                                                                                                                                      Machine Specification.exeGet hashmaliciousBrowse
                                                                                                                                      • 172.67.188.154
                                                                                                                                      P.O.exeGet hashmaliciousBrowse
                                                                                                                                      • 172.67.188.154
                                                                                                                                      3MIvJieGXT.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.51.99
                                                                                                                                      SaI1j8jXQY.exeGet hashmaliciousBrowse
                                                                                                                                      • 162.159.135.233
                                                                                                                                      FEED DEBTORS AGEWISE JUNE-21.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.91.43
                                                                                                                                      runsys32.dllGet hashmaliciousBrowse
                                                                                                                                      • 104.20.184.68
                                                                                                                                      6aSBBC4aJx.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.42.63
                                                                                                                                      RFQ# ETS Project-070721B3.docGet hashmaliciousBrowse
                                                                                                                                      • 162.159.130.233
                                                                                                                                      tMAfN344rmHC9Zi.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.19.200
                                                                                                                                      OMJe815AqT.exeGet hashmaliciousBrowse
                                                                                                                                      • 162.159.129.233
                                                                                                                                      sud-life-mobcast.apkGet hashmaliciousBrowse
                                                                                                                                      • 104.22.10.83
                                                                                                                                      7MPEfVAwHo.exeGet hashmaliciousBrowse
                                                                                                                                      • 172.67.188.154
                                                                                                                                      sud-life-outwork.apkGet hashmaliciousBrowse
                                                                                                                                      • 104.22.11.83
                                                                                                                                      SecuriteInfo.com.Trojan.Win32.Save.a.9623.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.19.200
                                                                                                                                      Payment Details.exeGet hashmaliciousBrowse
                                                                                                                                      • 104.21.19.200
                                                                                                                                      Schedule072021R7218468.xlsmGet hashmaliciousBrowse
                                                                                                                                      • 104.21.52.111
                                                                                                                                      Outfordelivery-787848.xlsmGet hashmaliciousBrowse
                                                                                                                                      • 104.21.52.111

JA3 Fingerprints

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
9e10692f1b7f78228b2d4e424db3a98c | FAX.HTML | malicious

Dropped Files

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\user\AppData\Local\Temp\aes_x86.exe | 53c0505a_by_Libranalysis.exe | malicious
C:\Users\user\AppData\Local\Temp\aes_x86.exe | hztxqReczN.exe | malicious
C:\Users\user\AppData\Local\Temp\aes_x86.exe | BleachGap.exe | malicious
C:\Users\user\AppData\Local\Temp\aes_x86.exe | SuperEnjoy.exe | malicious

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.touslesdrivers[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1149
Entropy (8bit): 4.747828800985921
Encrypted: false
SSDEEP: 24:WU5QKG4RpG4RfG4RVK9G4RO5G4RkG4MU5QKG4RpG4RfG4RVK9G4RO5G4RkG4ghnh:L5Qx4+4Y4W44884d4N5Qx4+4Y4W4488I
MD5: 38431A6165E6465C6653B93612467878
SHA1: B5AB5255FD5F650380D890E8F98A68F68A7F3C85
SHA-256: 19EF1B12D477C4B14F0E0C2B9584CC46B85963BDCA9AD97AFC036AA84C3DCBC9
SHA-512: 735A2F226F2B8FE6E936BBC5AEB2B09EFF19F947B85A7210CDFC75D89B3DD98E47193C8B004B184A4D4594330984065A765BA580FE364A206011371BC5406C1F
Malicious: false
Preview: <root></root><root><item name="goog_pem_mod" value="219" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod34" value="233" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod53" value="546" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod36" value="593" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod37" value="538" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod44" value="66" ltime="2404659120" htime="30897030" /></root><root><item name="goog_pem_mod" value="219" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod34" value="233" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod53" value="546" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod36" value="593" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod37" value="538" ltime="2404659120" htime="30897030" /><item name="google_experiment_mod4

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB2B1FBA-DF79-11EB-90E5-ECF4BB570DC9}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):24152
                                                                                                                                              Entropy (8bit):1.7566510753587679
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:rAZHZen2eGkWeGoZteGovfeGo587teGo5TItAKWeGoIaTxY6:rAZHZg2IWctSf/tRLWM
                                                                                                                                              MD5:F2094B58785E889300E51A297B323A13
                                                                                                                                              SHA1:3E0656A812951617423CD41E7343F8C9AB52D289
                                                                                                                                              SHA-256:A362C87F77828C195DC393A3A8246D454E1C8526F77091E4A741F0BD09D95BF8
                                                                                                                                              SHA-512:C14BB522BE7DA852EEF14756B8472CC4A6A86F1DEA6CC9CC6E0353A9F5030444DFD94715C4EEBBFCC77FFE0BA80269C9810BE1D89F8E28D3352E519CB3A7F50F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CB2B1FBC-DF79-11EB-90E5-ECF4BB570DC9}.dat
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):28434
                                                                                                                                              Entropy (8bit):2.121175278022863
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:rIZ/QjiQh0QEFKQHuWQL2QlvQKbyi7y+89MVcKJQXs/Mt8r:rI4ehHKSBOLpoM6XsUK
                                                                                                                                              MD5:3D75EF0B794B72284F831C33F1CF911F
                                                                                                                                              SHA1:28CA94F0CCE17724AEFF73BBAF1C45CD994A976E
                                                                                                                                              SHA-256:6A91C9CFDE7ED356C4647E28DEA9B6F9299094C8D74231D7B5C2E64BE338C6FB
                                                                                                                                              SHA-512:1BCA7CE57C6016E14579F6F6586E1321A8E22D1D6CB61F8A1B8B7C469185CAE1AC3E9F44F9978CC7CDD1E551E3763D4DBD6F43536EB99AC381A8277B4F6FF7E3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):657
                                                                                                                                              Entropy (8bit):5.070960637996196
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxOEGwJw/CnWimI002EtM3MHdNMNxOEGwJw/CnWimI00ONVbkEtMb:2d6NxOlSHSZHKd6NxOlSHSZ7Qb
                                                                                                                                              MD5:C820C86A16E361C049E45BD7BD2633B1
                                                                                                                                              SHA1:8C490BBD560F1C156F467FEDEC469F7992B9E427
                                                                                                                                              SHA-256:70D14EDC26FF956FB80AB91C702AB9433639F498F05844F25E3983049BDEC58B
                                                                                                                                              SHA-512:87C8170F7C3A29027796C5A7F9F2B2EA76250C1141CBD9E78969A486E354168148367EC72EE03FF23FF74A2B7E4710E236EB6D036C6DF713E76F8FF68D804758
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):654
                                                                                                                                              Entropy (8bit):5.0767930435485145
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxe2kUKTK7CnWimI002EtM3MHdNMNxe2kUKTK7CnWimI00ONkak6EtMb:2d6NxrLKTKuSZHKd6NxrLKTKuSZ72a7b
                                                                                                                                              MD5:0566A379CAD412A4472E56F3012ADE53
                                                                                                                                              SHA1:09C59E53918537468B6BA4C87B8E4D9779C25211
                                                                                                                                              SHA-256:700A16961A5A598794052284518200F7E7CF50967066AA7540CB0241F287A6A2
                                                                                                                                              SHA-512:DB6ADCBADF682A766F7DA1AF796500C3121629431138247CFD249F5C1E5AD87A5DF98D53BBE1F9A3602B60001F48AA981E809BC3649426D4785079FB6695873F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xa1f0d1a5,0x01d77386</date><accdate>0xa1f0d1a5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xa1f0d1a5,0x01d77386</date><accdate>0xa1f0d1a5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):663
                                                                                                                                              Entropy (8bit):5.09038772814423
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxvLGwJw/CnWimI002EtM3MHdNMNxvLGwJw/CnWimI00ONmZEtMb:2d6NxviSHSZHKd6NxviSHSZ7Ub
                                                                                                                                              MD5:324831E1E7870332C641A0ADC532DB48
                                                                                                                                              SHA1:ED6641C62255137886967E337B56ACA1B8103E72
                                                                                                                                              SHA-256:0A4551E8674190FF4C6CA4DA430DCAA6E4652BA8FEF9B9A7C8554C6E6AD1EB0B
                                                                                                                                              SHA-512:9CF0414B252A88D3B0D5CF6177222BEF8398DAE53B2753C354DE99F0E4B6E71FFD0519C6F7D091E3002CEED5D83F1E47D0C8E615021A10F6A048743B205E9AFA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):648
                                                                                                                                              Entropy (8bit):5.085808071867358
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxiGwJw/CnWimI002EtM3MHdNMNxiGwJw/CnWimI00ONd5EtMb:2d6NxbSHSZHKd6NxbSHSZ7njb
                                                                                                                                              MD5:F2A7FD434E6DA631F08C263AA5CB8D86
                                                                                                                                              SHA1:0B87F3DEC9775670FAC4ED2B8C73D0220328F83E
                                                                                                                                              SHA-256:2F1AA046DE93B7F62BF2983D5710DCAAC6A4864D377FC34F99AD8B0C7577EE9C
                                                                                                                                              SHA-512:915B08D87832D92213BD204D598BACCA043BC3056362837352C6626B24B9B2416B7ED5F971A90014AC7DFEF4C1EC87971C8B01EEBBBF4E4F075F69230EE9D430
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):657
                                                                                                                                              Entropy (8bit):5.111091333937085
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxhGwGwJw/CnWimI002EtM3MHdNMNxhGwGw5CnWimI00ON8K075EtMb:2d6NxQ5SHSZHKd6NxQ5vSZ7uKajb
                                                                                                                                              MD5:9B16649B7FB0304B871035958FA6E45F
                                                                                                                                              SHA1:18A15A23266DAB013DC5B0533242A6504C949964
                                                                                                                                              SHA-256:178A3C0B0FFD4D51E8964574836BAF7B02AB19D280D36FA32EC4B8131F78A869
                                                                                                                                              SHA-512:3B49CC4DC056FFECA26AC3E3CEFC8F911BD09CC19AE7DA7D33D916DC769A0080B86C8BA277AC0D70B251220A2664F300A88B7F4CDE2C2B6F23C5D856D977B653
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa207b505,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):654
                                                                                                                                              Entropy (8bit):5.074601648309996
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNx0nGwJw/CnWimI002EtM3MHdNMNx0nGwJw/CnWimI00ONxEtMb:2d6Nx0GSHSZHKd6Nx0GSHSZ7Vb
                                                                                                                                              MD5:46B355072F66142857F85733C9845FDF
                                                                                                                                              SHA1:87EB8ED7053F49C3EAF9348EA8D36B70FE5AE30E
                                                                                                                                              SHA-256:A78C9B36EF276B589D84D36375ED25EAD84154772AAA70B33C2F3AEF3302E6FD
                                                                                                                                              SHA-512:98B9375ADD8232449387829287340599496110F1A5BA4ACDF3E5E441511F96B6B06943EFCF246DDBFFF21C8D38879DAFC7ACD431D2009C060CCCE169F9101ECE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):657
                                                                                                                                              Entropy (8bit):5.11053558965378
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxxGwJw/CnWimI002EtM3MHdNMNxxGwJw/CnWimI00ON6Kq5EtMb:2d6NxoSHSZHKd6NxoSHSZ7ub
                                                                                                                                              MD5:29C27095F70CE27F08ED4680D4AC18CE
                                                                                                                                              SHA1:BF26A97CECD18DD8F78D4DBF4440394F494D4B7E
                                                                                                                                              SHA-256:4DEC647A5C0320FF239EFAE87E2C4181BF813409A9AB019F3403F67ECADC033A
                                                                                                                                              SHA-512:E27B5366F287F1DC9C603BB17D8CC0CF8531C9E3F38B193D46204DDBA0436C8A69E1F89B4DEFE5ACC3446F72C3307D1A83F5BEAD1DA960769F7737086AD57974
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):660
                                                                                                                                              Entropy (8bit):5.090841465801232
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxcGwJw/CnWimI002EtM3MHdNMNxcGwJw/CnWimI00ONVEtMb:2d6Nx9SHSZHKd6Nx9SHSZ71b
                                                                                                                                              MD5:714DC758FEADC372CF5979C7A52E26A0
                                                                                                                                              SHA1:28930CA1058279D870189DB532B1996D9BF64F96
                                                                                                                                              SHA-256:874AA2450E699F8BDDE6D8FCC705265328790FF1B76CDF664825BA7C8111739E
                                                                                                                                              SHA-512:A810183045FEF141D37A6AEE4AEFA4F3601AF407F6ED60A6843797F63761703F70635C7C1462D86D99F5C99900F7683914FB2FDDBD3F1389E2E485D0E14EC6D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):654
                                                                                                                                              Entropy (8bit):5.071300069294579
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:TMHdNMNxfnGwJw/CnWimI002EtM3MHdNMNxfnGwJw/CnWimI00ONe5EtMb:2d6Nx+SHSZHKd6Nx+SHSZ7Ejb
                                                                                                                                              MD5:DF1C8E0ED2200BDAD29BB5E68A5B86A6
                                                                                                                                              SHA1:67500311DD242A0B554ADB5CBB97BCCDB5F60AE9
                                                                                                                                              SHA-256:72E9737B3336D415FF75E06A4BEE0F1536B1B58C2C71F73212172BC60B436495
                                                                                                                                              SHA-512:40476AE6C98F437E629AB7BFAF901663D792390F934B3AD32B141BFE8029155383159FE285C41E50E26CB620AFCD0B1FA2C254295FDD3DE68DDD14F5E8B5BA41
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xa20013e5,0x01d77386</date><accdate>0xa20013e5,0x01d77386</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):3384
                                                                                                                                              Entropy (8bit):4.546830126769735
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:pONSvGNwTiNNUBd8dKEGBgT+bzoz7QzM8Y45vl/f4OrWF:gkvGN/NN6uKEn6YXQwMoOr+
                                                                                                                                              MD5:8F4DED883F678051B34684898FCA42C1
                                                                                                                                              SHA1:95138326896D7E394AB6E69E12A5BF45952D56EF
                                                                                                                                              SHA-256:EFFFA36F8FCE3897799F1ED80A93F656F7D46B5E17E226C438690980BFB09D62
                                                                                                                                              SHA-512:D46EBA8A776D6B076D53D6E4A1D3AA8510C8EDC5A90BBD6C0E6797BAAA453256158D30E66A92D850CD4740152A30F19A9975DF56D46547631B393A24C3989DEB
                                                                                                                                              Malicious:false
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\f[1].txt
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):138064
                                                                                                                                              Entropy (8bit):5.5669460283060115
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:2Xhvx2zPDi4gC4lsfg4tS+kssmhpfWTxK01CPYxStSTulj6JILDrJOF7R7lMMdPm:NzYl67k2gJxCj62KR7lX1RQ69PM
                                                                                                                                              MD5:BDB37E14039F70677DCE242D596CABBC
                                                                                                                                              SHA1:8AD1E0BB3A471D584F6A5ABCACB7C1D3ADB573D2
                                                                                                                                              SHA-256:BE708150523CC8B5E75C597397DB27DA8A982A077BD14EDB0164EA097C3A7A62
                                                                                                                                              SHA-512:793978B9CB5C394827E7F0177F625D6A1D51E6BBA067A8BACCD9E96053D2F24ADAC3F227758F17A540FD242557AAD22F768D23518107D4D60EE47657C6A96BA9
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\favicon[1].ico
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):3262
                                                                                                                                              Entropy (8bit):4.485268324024185
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:wvGNwTiNNUBd8dKEGBgT+bzoz7QzM8Y45vl/f4OrW:wvGN/NN6uKEn6YXQwMoOr
                                                                                                                                              MD5:0580BE944FDB0CA958CEE222CE2C33EF
                                                                                                                                              SHA1:76840612E4FB069A0257E1D541CEFF3E05258C5B
                                                                                                                                              SHA-256:EFDCC2E389940AF4E17F30027E2DE083A4A6206BD93865D573F35AEB24D48548
                                                                                                                                              SHA-512:2EE223EE90D804AD96C7CD34B37FEE91B04426BBF03390AC3D5BA25D4636E7F0CCE0BCD5F96DD8CF04FCA197C2A4A049EE47FABCB93942558D8117A3803F1842
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/favicon.ico
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fond_cadre_gauche[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 20 x 1
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):96
                                                                                                                                              Entropy (8bit):5.537374739988986
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:C2lmRKVA2Hy8jGYF+YdmRa//lillhojE:6sq23Gm+YdQl74E
                                                                                                                                              MD5:C24692F799AAF2F5AD6639C6B7951AA5
                                                                                                                                              SHA1:41AAC8D27A14C1A44E0259624B26FD34A548EFFD
                                                                                                                                              SHA-256:F460795DED908CA63FD1EDDC5A41FE275A916A0DCACDB7A28E2B3D37FB5E36B2
                                                                                                                                              SHA-512:560B7832F0AA1E02BBDA31A5BD25EBD69EA84CB856F2847B714F6D1F2410D3B104D2C8A6FA9D8B6CAEDDACB01E97F8C6964B48D6B387E3879474599A447D6D4D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/fond_cadre_gauche.gif
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\host_name[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):2193
                                                                                                                                              Entropy (8bit):7.889290673872146
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:dM1pX9knogc+HJ2F6onxETbr5a+OwenXz7mD7paMfQ3wPOe:q1sndc+U1ETbrdxenXXmRffPOe
                                                                                                                                              MD5:AD8E6747D4030231BA900F9B099E7290
                                                                                                                                              SHA1:3510865939B06510F48A73495B9EF09E8B325C40
                                                                                                                                              SHA-256:B3208CACE7FFE15BE999E3A06335FDADF465F4AD9D5B53817C73AFD78701CB26
                                                                                                                                              SHA-512:99F12AC94A7AB8753B3D3F9667DFF84819F0ACA27F092282FC2127F20447D4102813886C7D34A7477A80B568D2D7E060791A3791622EE33196E76EFD0A95D5EA
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/host_name.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\loader[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):263
                                                                                                                                              Entropy (8bit):4.845707282245
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Qr/8/iFSgbDRWs+Oi+8mgO9l3sGAicLmsBtWcawncG5n:YYiFxDRWXu3xAixsj0wn35
                                                                                                                                              MD5:939C4AB6F35E346B2014E2719E073E03
                                                                                                                                              SHA1:A24ACAFA350E3CF1DB80557BF1F5FBF1F1F0F842
                                                                                                                                              SHA-256:45FCB9A07E3F111F6EB17F93E31450B0D60240FAB0A8CF361478D12F3CA908AB
                                                                                                                                              SHA-512:0D87F0CE57463594E827F30DE056008A8875B77CEFD45BF0B347ADBC466D03998FE68C3A616D1001B038906160A094BD7A12CE4F05085CDD34F39E6AB484D2F3
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://cdn.appconsent.io/loader.js
                                                                                                                                              Preview: 'use strict'.var baseUrl = 'https://cdn.appconsent.io/tcf2/28.4.0'.var head = document.getElementsByTagName('head')[0].var script = document.createElement('script').script.type = 'text/javascript'.script.src = baseUrl + '/core.bundle.js'.head.appendChild(script).
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\memory[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1077
                                                                                                                                              Entropy (8bit):7.775326271252012
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:J8Uvz66BLEp7oPKfsx3OuDivHwaMVAYKpFUOqqr:J8+EhzycHfMVzvYr
                                                                                                                                              MD5:2BC67C912BCC4A8FCDDD17D405A1F3D5
                                                                                                                                              SHA1:986EBE371D7040D1740D12AF537BD9755E411781
                                                                                                                                              SHA-256:EB7813C98D7B33ED273059B95B781918B53F1D02AE42D888577BCE7F8F7DD61A
                                                                                                                                              SHA-512:55D6BE705F771385C09E5D9E05DA0BFE396FFAB853B884C7C1FBC77D249CF1AAFC1832004F1741D0246CB280AE05DE40089F79A90AA75855675E79FEBA2646B3
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/memory.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\motherboard[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1286
                                                                                                                                              Entropy (8bit):7.774039023750853
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:LLXrJ8DTdqPB0iXo4ApvL9Oan+Gkn72PQjUtnRHNpB1MJLdJOHCidTsR:LHJ8vddiXivLEFMPQIBRxe7J0sR
                                                                                                                                              MD5:8B0DF2F8C82A0E94378DE269173A6245
                                                                                                                                              SHA1:445CB77AB76C36E36687D512882A9547E169FAE2
                                                                                                                                              SHA-256:7624E79929506F747AAB48020B944198DE22D008CB3F94195B8FEC3C88044BD2
                                                                                                                                              SHA-512:24066AF31B910A99FE18BEE33AF2632B65AADBCACEBFA8BEE4E60427A985EE3D338F3CAA8FB63EE3C8BAD9D621957458E130F55256A3C0751B0881F895D83077
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/motherboard.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\option_moteur[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1022
                                                                                                                                              Entropy (8bit):6.064376998696999
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:pKSinliOl9outoBvk+/O7bUCjSfLZYRHHpwCif+iX3:UGSpe/yGz8HQGiX3
                                                                                                                                              MD5:C4A9703806307A8F55D5D0DEB047EFCA
                                                                                                                                              SHA1:5C8A91273A6A2B36E215E2761DDFBE9A7970BCBD
                                                                                                                                              SHA-256:F76A5BA234C7A9DF93A5566B3ED9E9562934D589F610079418525C1728775633
                                                                                                                                              SHA-512:D7CB660411B5EA23A68B1D7C0446A1D70804658397705E6BFD87125ECB1F5D87BB19EEE31D56BD3D4DEF9BC7982928E1D92C3B93C05CC48EE70E0FA50E70F779
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/option_moteur.gif
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\processor[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1132
                                                                                                                                              Entropy (8bit):7.78418742492434
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:LgcGvPgI+5dyO6dKS/LOPcl1yIhYvEvIFeAEkMrNgvjscomC5H:LgfPgI+5ZzYLCpvDVMiLHOZ
                                                                                                                                              MD5:BFD62B86E92836CB415C208E20041EA4
                                                                                                                                              SHA1:8F77DE6D4CFEE18FEE144F11CAC3CCA29FD3FC8A
                                                                                                                                              SHA-256:4CF76316082969F2EF3200B2E6B7EEF27A9E715E208CBC23DC5BC7987AD2B1E9
                                                                                                                                              SHA-512:BD1E935FD56C43D829796545829FF6FA0898475778FE663CFABCF30782951C452A6157D3212BDF15A8D738FAC3AE481FEDA5A9DC7B0ED0DF22345D7FB797156B
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/processor.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\resume[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):3089
                                                                                                                                              Entropy (8bit):7.91147236565472
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:hA/JGMA5AYHNw0FZRIV56tlcx6qdE0pbH2boCXbDD7xCXFK9koyZcr0kNoGUx:hA/J25AYweMpPxlEnYXeyZPkNAx
                                                                                                                                              MD5:113C088A7AF096B0780EA8C7EFE9A05C
                                                                                                                                              SHA1:5DB34253736A4DA8A4B399F412391C9076E2A443
                                                                                                                                              SHA-256:41D08DA568B2A2E8703144828DCFADB56D8AB31B221FA8439D26FB8ACB30F80A
                                                                                                                                              SHA-512:0DCDB93D9DFE821239749412DE2C346519D69EDF9B3E8C1683AB736212B7F8732004A955614511DB420EAD95F0E0CB33E2D9615A5AE3E23857F99D837162E382
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\style[1].css
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):24423
                                                                                                                                              Entropy (8bit):5.069870974752049
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:d2wjAMhAUn2J52n4sEcjzg7aD8JL8fWAzy4AXqCFxdlY88E+7ubSL38pR9fOpG5Y:iezPG/4Zx
                                                                                                                                              MD5:45A9ADE38A96D6750D6B38B769DFEB06
                                                                                                                                              SHA1:AF7D1E493DEFD724FFE8F79DBA72BA3EC750897E
                                                                                                                                              SHA-256:104B3BB884AE25296EDE724AF5AEDF559BF5E51C8F38F5E9090F1B97E0484EC3
                                                                                                                                              SHA-512:650C5C4A9833FC23A8DF24BC23031DA8E8269920914976E492027ABEEFE44B66E8D54225E724AA6ADFA3650EAE416A1201E3446B739A98B60E7F68BD62DCD050
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/style.css
                                                                                                                                              Preview: body.site..{...margin:5px;...background:#F0F0F0;...font-family:"segoe ui","trebuchet ms",tahoma,verdana;...font-size:13px;...color:#000000;...text-align:center;..}..div.div_principal..{...width:988px;...height:100%;...margin:auto;...padding:0px;...border:1px solid #000000;...background:#004483;..}..div.menu..{...width:100%;...height:25px;...margin:0px;...padding:0px;...border:0px;...font-size:12px;...font-weight:bold;...text-transform:uppercase;...clear:both;..}..div.recherche..{...width:510px;...height:25px;...margin:0px;...padding:0px;...padding-left:10px;...border:0px;...font-size:12px;...font-weight:bold;...color:#FFFFFF;...text-align:left;...float:left;..}..div.options..{...width:auto;...height:25px;...margin:0px;...padding:0px;...padding-right:10px;...border:0px;...font-size:12px;...font-weight:bold;...color:#FFFFFF;...text-align:right;...float:right;..}..div.accueil_alphabetique..{...border:0px;...text-align:center;...line-height:20px;..}..table.tableau_haut..{...width:100%;...h
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\touslesdrivers[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):17150
                                                                                                                                              Entropy (8bit):5.39774626082103
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:4GYyLZTviuBFtpRSy+QytqNqTpRSHNkrK6z13mAZJSF1KIZKlpj4Up:kyLZTviOFnR1+ftqQNR8M7mJK7Lj4C
                                                                                                                                              MD5:88DA5EF5222E92651FAF2358BFCBA19E
                                                                                                                                              SHA1:8503805D80717E81F2E42CC6DC02E51209C5D350
                                                                                                                                              SHA-256:45165DE545F39D4DB70F0EEEB93F4AE7DAFEEBB91252B839513929BC4089F544
                                                                                                                                              SHA-512:65F8A7F707CF601C2103A7903115446C09896523B75B781BF6628F906DD8C1FDB62EB239E4066CBB4112CDA12D5FBC04229ABDE89C0A2784B7E22608AD509868
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://tags.smilewanted.com/formats/corner-video/touslesdrivers.com
                                                                                                                                              Preview: ../* TAGS 2 - 2021-07-07 16:02:43 */....function create_pixel_ad_sw(){.. var smile_img = document.createElement('img');.... smile_img.height = 1;.. smile_img.width = 1;.. smile_img.style = 'border-style:none';.. smile_img.alt = '';.... return smile_img;..}....function getRandomInt(min, max){.. return Math.floor(Math.random() * (max - min + 1)) + min;..}......function insert_script_js(script_src){.. var insert_script_js = document.createElement('script');.. insert_script_js.type = 'text/javascript';.. insert_script_js.async = true;.. insert_script_js.src = script_src;.. top.document.getElementsByTagName('head')[0].appendChild(insert_script_js);..}......function insert_stylesheet_css(css_src){.. var insert_stylesheet_css = document.createElement('link');.. insert_stylesheet_css.rel = 'stylesheet';.. insert_stylesheet_css.type = 'text/css';.. insert_stylesheet_css.href = css_src;.. top.document.getElementsByTagName('head')[0].appendC
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\windows-10[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):795
                                                                                                                                              Entropy (8bit):7.635887404652688
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:sj+XPY9NUyr8wmHDw1GcJlsYi2j2cFCD48:swkH0HDwZ5Ck8
                                                                                                                                              MD5:70E6CA2183E6990D2D07C64C812B8610
                                                                                                                                              SHA1:620BC3ECC5D4DC8A31674974DDC894BBB9A7C03C
                                                                                                                                              SHA-256:5C5ECDF1D507D2FCCA0880DE4548BF435FDBA0895381FB983D2A3269AD44D4C2
                                                                                                                                              SHA-512:81861D2DBF3832F7C67E15DA7D713FE8D444803C8F422599C7340A2F5FDFA8038574EB763C0A121943DAD05BF59D7E8164783543BF30F3CD89060BF16EE6EC7A
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/systemes/windows-10.png
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\aide[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1070
                                                                                                                                              Entropy (8bit):5.7516212260153265
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:W4z/2hyWMt8VVv8bCX2pzlFUqsh4+wab04H25u97QCGl8Knq+O/A9ELdjF5RBphw:7zLATtMaYdMQCa8Kq+8iGpzw
                                                                                                                                              MD5:F0D40551F94B4B5C709B00858474EE18
                                                                                                                                              SHA1:8ED6447D78E62966031DD75B0E7E2FBE65B7C2DE
                                                                                                                                              SHA-256:DB979530CD662BE3DF8742FA1E68E30B5797F84A32F07DED951C43347D4391A2
                                                                                                                                              SHA-512:9A413C2B862D12DC3F55354B793483781A597A656E40A37BDDBD7E7BF701F20CE2ABA05C79089D4CC6E8B291B3179F6661D343A12102D485215A6787F13A7890
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/aide.gif
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\coin_bas_gauche[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 20 x 20
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):758
                                                                                                                                              Entropy (8bit):7.5004875313232535
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:E8VfIPuPvm5alTEUNU4GskL5TkM7p348/WgY8DfZiopTmX9BUnXeN4:E8Wu+algwULskxpp3ZFYSi4TmHqeW
                                                                                                                                              MD5:F15847DF515D7F4B6C95C1301919D0F5
                                                                                                                                              SHA1:31B9F56EA0598C86C514E7DC32A2B314274E3566
                                                                                                                                              SHA-256:AF65CB93C4094FA0B363881CD59B48887C6CD5361A1F10BD0924F5D215F0FFA4
                                                                                                                                              SHA-512:2E872EFB5D7DEA272B12E79F5C573856D6DD72777AA156B3416BEF302863DD90F7D7744C1F9AF905DC3A142C9AD1333E65C3C8971CC438966722104AC5E30B6A
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/coin_bas_gauche.gif
                                                                                                                                              Preview: GIF89a........J..R.;o..V..H.V...F....*c......r.......Bt.b.....8m."]..K.......f........"].L|.N}....Ew.d.._...E..X..M.(b..E..G./f..N..................1h.....P.h...T.P...S.6k....4j.......x.........I.'`....)b.R..v..k...........Z....Ew....S........=q..L..O.*c.......|..j...G..U.......X..&`....Hx.......\...Y.3i.....Z.u..M|..L.....K.....E....Gx....+c.....L........D..................................!.......,............tg..NA1..L+Y..<s..t.W#.3.T..E.8_R...2[...:c..j)J..st...7]`.(?D\F..*.t%PG&..U;H.^9M-..$O.@...B/X6S.r-..R<tt=.b.ZC...,n.M.J_...'!..0.a...lXL.a$...t...@#...K<...@../\.@......|.HR.B.4..4 ..u.j... B....Px...LJ..@.M.$K>...........1.)....hyPe..*......k...S.t.P....1.......Q..p.E. Z.%.F..@L. .Ib.....0...-#.\....(.d\.0..D:$J..0.L..t...;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\f[1].txt
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):145
                                                                                                                                              Entropy (8bit):4.498125758800745
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:xRqzdK6JAJuLRLOdK6J9QpH6yWHaEHWcHZaE+kpHsWU+J60EHQJq:xReLJRLSLJxyW9HZlsWU+4QJq
                                                                                                                                              MD5:1A92A1FD251BD6AA2A01FA62F1341B16
                                                                                                                                              SHA1:E8C29B7B0C5DF6D3730D94F567F5985C7C9FC539
                                                                                                                                              SHA-256:676D52535C21965D7FE22AF9731986407A002C596AC0E8A1011CB0525D79FA63
                                                                                                                                              SHA-512:BD4F30640E35596DABDFAA26D0E0C1A9EAACE9378DFFFFD98A12890D23BF3A8468A8D43FFBA744400F93F0C7C1124561CFA8F263C45D3A20247CA4A562F1A05D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.touslesdrivers.com
                                                                                                                                              Preview: [["touslesdrivers.com",null,"www.touslesdrivers.com",[[null,"1015413",1,0],[null,"1023879",2,1],[null,"158819131",5,0],[null,"6917646",5,2]]],[]]
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\graphics[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1553
                                                                                                                                              Entropy (8bit):7.830135956630017
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:PIoZkEDW87Kb1ShdyPZ98wHrHUWj8gr//7ExMT:PIoZkESpREyPZ9PHrHUa8+G+
                                                                                                                                              MD5:FC611C23DFA2DCB45B81E655FFA7917E
                                                                                                                                              SHA1:4A089C97EB976F8F1B6E63FE258C41AE2C30A04C
                                                                                                                                              SHA-256:3CE5A65EB73B13A87CD4074C4A57519663D8DCEED164B07842442980E5871B0A
                                                                                                                                              SHA-512:9C845A8166A9F8F0947778CA54D0A25AA6501074CEF0F2B06E4B4C114ABF01BE5981E94B0B3B22635EF74F28399636D66EB1D4495228CD263048A0A53C1A45AF
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/graphics.png
                                                                                                                                              Preview: .PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..WK..E.=...{.g...@...4#.0b$..+.$.\d...U."..+!....C....].H$.... J$Y..D&L.....{..U.~3.7...i..w....{.j4)%...._..0.$Ip......}s422R>u......9.(...r..m(...m5....>|x.......977..k.F.oc..B..F..o..J%.R..y...V...@.%...Hy@.].1....i...........q".Q....=..2.u.;/.T#Hx...r\".*3.}#.\.......$d&3F_.~.....X.......AQ.6.Rr..iD.1M..8pL...M...&.A<.m.*CLY.........J.;P.c9W{.....5)....Vh..l.-.p.Z.!.'&...D.~..j.....0.....w....w$"..r.X.:...!."....<....Ty."'.....#.;.. X.bz. ..)......2...X...78..T.:.z..N..6........[....&.m...>a..s).f.Cp.H....>$...f.......G.`...T&gb...@?.Q...>.C.i\P...p...'.R....h.i..k.*B"Y3...[.gG..|T..J...'.".mZ`.Ch.D2E..pC...M'"gZo......oP.9...2..)...0.e.H%.H.t...L..6.]..#...K..Up9C.J..\...P.e...@1......0.c..c.........t2.p*. ...ew.B-.`@..f`l`.... r..:.H(.h...*U.W....q.y_.c.!..D.px../0.\..N.t..[.}>WD.3.V.@..`..qj...N.D.8................q`v.W~......u...]!....f4CF.iF&....
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\index[1].htm
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:HTML document, UTF-8 Unicode text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):211
                                                                                                                                              Entropy (8bit):5.2516964360365215
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:8ROFKGQIeRvvXbvx9M849RvZ8ouRYQxdzfmEZDqDISLxOdK3MKbHY6Vrxh4z4uhv:AYSIaXLxu9RRtuHzHgLxSbKbHY6TM4n4
                                                                                                                                              MD5:07EED7B5172684A3129E0ECD0B2FCCC4
                                                                                                                                              SHA1:3C5079950C57E9EF28A7D771EC6B6CE7125A6E0C
                                                                                                                                              SHA-256:CEAFB5D7DA9C6B37B506ECB23CF3C212A31F5D9EC3BD1D25C21BA24535206785
                                                                                                                                              SHA-512:DC622B7AB54FD0350DA295DD367BC24054FC5F61A9CCF483EB5841C4CE87EC0DCCEC82FEA2822247A89400A7AA40E548F35103072704B758172E96AE5958D724
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: <head><title>Document d.plac.</title></head>.<body><h1>Objet d.plac.</h1>Ce document peut .tre consult. <a HREF="https://www.touslesdrivers.com/index.php?v_page=31&amp;v_id=8KVKWmfznwDbzahM">ici</a></body>
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\logo_fond_bleu[1].jpg
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 230x90, frames 3
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):9555
                                                                                                                                              Entropy (8bit):7.940269913655646
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZrZ47bKsgDpBHt/PNm8cfj+8Z5CK1JZcizICSSWVAp8eY6KMJUwjRTUAnQ4J0P/:DlpB94/nCMJZ9zrZp5JU43nQTX
                                                                                                                                              MD5:23E22ABF0229B627DA00445714AF9AC3
                                                                                                                                              SHA1:AE9DEA0D5132D9819362D7A21DF8FCA270D4BBAA
                                                                                                                                              SHA-256:B1428BA0BB29A2709DE20C8AE63E4366F6E77B2B9E9CF72AF8619758F06BD3CA
                                                                                                                                              SHA-512:5DEC3E39244E4B883212D497B6FF27893BD298C3BEF0F3D51207EDAD0E65A9157276EF526CDC35E65DE777B785CE729AFECA3982F14488D78715110808813282
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/logo_fond_bleu.jpg
                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......F......Adobe.d.................................................................................................................................................Z..............................................................................................!1A.Qa.."2...BRq#..r....$...b..V...4U.......................!.1AQ....aq"R......2#..B..3...............?....l2.t..d:[t2.-.......Kn.C..C!....m..t..d:[t2.d6O`t2.m..O.C!........y.~....u..t...X.'...u.%....2.`.Gq....t2.gn.C...{$..2.g.s..v.C..9...C!..+..}....PGq....t2.-.......]..FQ.[t2.-.......Kn.C..C!.9..VF..q.(d...u..(......J.\~).Al.v.......t..R...`...t.'JH...Xi&...}cZY4....../.n..M1.m...~*.u..HSqR..h.VB..=4.:...\.F<A&.oj.&..e.s..2]p x.d:...$OB]..2.@.:.....A..%.t..RYX.....aK..I.eJd.*..].).(._.<Bu.........m....g.|.].....2x...d..o'.).......o...!..X<x{.G.|'.,.......)...Bn....e._.JK(AUM;i.J./.5.F..R..|.R.}.'.o./...U.G. |......QM.nB..%'..w.Mb....P..(H.k..].S]J.+S.)B..<s.BQ..c.Z.V..Cf..#I.GP...
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\network[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1106
                                                                                                                                              Entropy (8bit):7.764479488532236
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:ZO9hdOufulObiyILHNdMUqGCwvU7r2DgCKNtKaNtGcKoxJ813L5Nu97:ZOHddfGOerLEUK7rYCrNt5+1b5Nc
                                                                                                                                              MD5:627C716857CB369DB460456CEF212FC6
                                                                                                                                              SHA1:D633581A401417F737AFE99CA377F12238946705
                                                                                                                                              SHA-256:DAFA2DE794AA0DB620D3C4EC5E0F2F4BAC6584A8ADA34F0A79BB1D970AA0FEE8
                                                                                                                                              SHA-512:900E572A441CFF96ECB3FB47A876A3C328CC4F1E0FBCFE429DBA0C6A590CE5BFF5E31C4539D3E8EC4D453B3123810CBA5EEAAEAB3C84016207F77968B576182D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/network.png
                                                                                                                                              Preview: .PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...o.U.....v&v=.xI..%......"..bR.U."..@......'@B.._.......@H....:DQ....7..8i.'6^fl....V..Q{...F?.y.7.....}:UU.I..O8..u.:@..x.........y.q...C.}.@.*.2....N..q8....iM$...|>0.........as__....F|ii).....:...........+.+g...Gh..F..Y,.O......{....r....q....R..W*..G."...?d.s.hv.xmg!5...%..S.....j}..+t...).:#...2.m............H.lM....I4.N...AH]m]..w......T..Y..f..........o..9.u.......l.x#F.2.l.*.2$.$........Y.k.....l.CK.V-....vuu..\.=&a.9e......7.F.p.li...P..b..*!......(.P..P).\.C.../.)LH......(X..Z..,............}...._..mS.I.A.@.....0...$Q.Y.ak..6ogA..h.R...>...k..O..$..L&....6.R....aww..'..z.......0....F..@.z.....H..~..$...p. ......."._...{.S...x.Z[[k..J.....%.b..>.l...4.z..`.).e%d........=dn..;/..L..........\...f~^\\.U....(..zagg....N...G...cL....ld4.$..%y..m/.D...O1.=.$.L........|.y....y..'Ei....n.s-....~...k.5.x.1\..L..7...Q...9..8.m8yhh....%.8....D.?...`..../E].z..|.w..?40..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\option_imprimer[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):344
                                                                                                                                              Entropy (8bit):5.625170380731303
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:NO/bp45z4tLXbV3udgXt5tWunZfhT9qw1JfR32Fo1d2:AF4l4t/V3agdzWu/12W1Y
                                                                                                                                              MD5:52AB34BB7CDBCD7A1A48C8475E64F643
                                                                                                                                              SHA1:A0A9035A41765EC1D5C86D0EDEF4564C3182C16C
                                                                                                                                              SHA-256:CF5CD181B19B9E3FFEAE358C8C3E41CAAEEAFF03CF3C682123D0955ADB56C20D
                                                                                                                                              SHA-512:1F239E01099AC2B3B09F5AAED19ED9CF89EC40CE62F40279FE2143A257A6A3C71FE0251B5684BE1239272507F5F5AF0DFEA6EFA1173C4847DEEC53FBB5903605
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/option_imprimer.gif
                                                                                                                                              Preview: GIF89a................$$5@AFy........................M..Pn..Z.CXdu..,l....C[SP.q...$`9..............{{{xxxhhhTTT..........................................................................................!.....".,..........u@.P.)...$..ln..M`J}B..j...x.`..p..h2w....p6.`...x.....?..}}.\.......\...........................I......W".YS......IA.;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\option_rechercher[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):567
                                                                                                                                              Entropy (8bit):6.654219453782099
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:x9NetOXBQhvswzdCWRBaxlN2zauIxamx4XpVgHNy00KC:x/45s2dCWRBaKauaBWXCNe9
                                                                                                                                              MD5:B23F2CC1CAD76B4F1C57621E0AFD7775
                                                                                                                                              SHA1:FB1C3E2193A551570B39114F7F9010CEAF08EBDD
                                                                                                                                              SHA-256:B3C26803A31FACEA8F871CE1484CC662B903630F306098DC44ADEBE9753883F0
                                                                                                                                              SHA-512:461AAC1928CE34E331D84A33D63B4DC51B85D8FEE01C5576800B7CD387B18399FA99EE29363F965DA5F99F1D0D906269A8986767D59801F14714049EFBBC3CD0
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/option_rechercher.gif
                                                                                                                                              Preview: GIF89a.................................................................................................................................................................................................................................................K..N..N..O........z.......<.<.=.@.A.......sp.ro.sp....sr.........................................................!.....m.,............m..........m..:?=*......,& 07...Q.!)24>/..-8%.BFGDC..6($@HNPMI..#1'BLSURJ...51A...3....<EKOT...[`f..+;9".._Vdg..ZYbi...\Waj..m^X.!.M.2l..l.f..6...;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\options[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1976
                                                                                                                                              Entropy (8bit):7.872877123173845
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:YMp92RgpMuBbUOhZo17PEFgSrmMa+jIy9I:YMWcMPso1YZI
                                                                                                                                              MD5:940ED732BF865EDA62DC30F097D1430A
                                                                                                                                              SHA1:45AFFAD2A061DCB21911563668A9FDE44F4C13CD
                                                                                                                                              SHA-256:FB3D8F2500CDAC839A8A1CD8483A11FFADC20D71CBBBA4ABFC3387DDD0F02867
                                                                                                                                              SHA-512:270AF31EB67B6B19E8E20C9815D57535AC727EA2DEA72C1CB59B7D19845289DBA99CFFBB381313768D9D4AD545C4EBEEB09AAA307DDE18F57033BFB723E971A1
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/options.png
                                                                                                                                              Preview: .PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx..Zyl.U.....mA.E...k..r..T..`.(*6@....A$^..........E....G AA.pZB.B..r....p.......-...;..ZCd.......s..Y\..)........p1.D............~...l../..9.......t..va.... .l..!..=..{MI..4...q.|.=FH..mo.i..x.+.A(v|....J/1.gAv...Q~...rDa..X`Q.!.dI..2.h.w....5.(.6h:.;`OE.u.a.+.1&.&..r.."....LZ.0....s]...2h.V.X.G....@I%*.RS.J..;.....T.Y)..tVEb.!)ru...}0>I...8J...'..O.V.....N.$......3....0'p..m=.3Y....o5....n..3....$x...[...,..S......Q..<.c%....R.|.m.nu..u\...%.%sB....W...#-.B".~.B.\jAOS.+.....o..`..5...B.. .@AH...4.R2...b.*%x..x/.K:..[<......~..{.DT+....."........L...hF.Xz..3..+...'.iX...>.sW..3...\.{.g;....k..#...4..N...t.f.C!...5..8.....a/oN..J|....E$......z/JAd%.L...@4.>.U.H.I..v.Q...@....bH.K.&.....k..gv..=....&D..x.DK.s..II..}.!..............:.@+..A..WU..\.....'y.........U...qvX.....2...X....(.1j.E-.B1.w.V..g....M..?..p<.^.tJ ....Am.H^9.a.-5L.c...]...3..B..}(....d.<.
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\pubads_impl_2021062901[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):336329
                                                                                                                                              Entropy (8bit):5.4979853949800335
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:17F0x4/w25h0NHg+10awM1IfruQLmLCAJSwg39P7G+LwgarXt:4xxr9uLaxJy39Pr8gaDt
                                                                                                                                              MD5:F2DC4879B80EF68790C42C3F0958FC95
                                                                                                                                              SHA1:A0981897EAB0F18D0F658F29B7BEC2DDC4C462D6
                                                                                                                                              SHA-256:B3AF206751CC535EA2F272EE9C3B5A3D2CE8957A719C103720234C2A02472C26
                                                                                                                                              SHA-512:5FDC94896C61891BCF778B9E87173C58DB2CF07052E5F119E2673BFBB2A65CBCD33B688693181256548DD8238E89882B7030A1F382296064B59C3482BED4E98F
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062901.js
                                                                                                                                              Preview: (function(_){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ca,ba,ea,fa,ha,ka,ma,pa,ua,la,sa,va,wa,xa,ya,za,Ba,Ea,Ga,Ia,Fa,La,Ma,Oa,Qa,Ra,Ta,Va,Xa,Ya,$a,bb,cb,fb,gb,ib,kb,qb,rb,tb,ub,vb,Fb,Gb,Hb,Kb,Lb,Mb,Nb,Pb,Ob,Sb,Ub,Tb,hc,w,mc,jc,qc,rc,sc,uc,wc,yc,zc,Oc,Rc,ad,hd,kd,md,rd,td,wd,Ad,Dd,Ed,Fd,Gd,Kd,Md,Od,Ud,Wd,ce,he,ie,le,ne,pe,qe,se,te,ve,we,xe,ze,Ae,Be,Ee,Fe,He,Je,Le,Ne,Ke,Te,Xe,bf,gf,We,zf,Af,Ef,Ff,Hf,Kf,Lf,Mf,Nf,Of,Pf,Rf,Wf,Yf,$f,ag,bg,dg,fg,eg,kg,lg,og,qg,rg,wg,zg,Bg,Dg,Ig,Jg,Kg,Mg,Ng,Og,Pg,Vg,$g,ch,fh,ih,kh,oh,sh,uh,xh,Bh,Ch,Mh,J,Nh,Oh,Ph,Qh,Rh,D,Sh,Th,Uh,Vh,Tf,Wh,Xh,Yh,bi,ci,di,si,ti,ra,ja,ui,vi,wi,xi,Df;ca=function(a,b){b=ba(a,b);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};ba=function(a,b){for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a))return e;return-1};ea=function(a,b){b=_.da(a,b);var c;(c=0<=b)&&Array.prototype.splice.call(a,b,1);return c};fa=function(a){var b=a.length
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\storage[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1461
                                                                                                                                              Entropy (8bit):7.806113204330809
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:93qOSZVICK6qPaOvUpQ/7hwvSONPbFswjgodQWJFn/lVyfLP1HWkqub:4OeHKJBDjyvSOdmwBQEN/ls5HWkqub
                                                                                                                                              MD5:C6D43B97B02A1FC945C88F3CBB645609
                                                                                                                                              SHA1:4E253786BCF27FADDA2A999FE372519968F1A822
                                                                                                                                              SHA-256:D3768B9D6DF3F6BBB7E8440FC22E249D2048885E44A5CA8187B850C1A4CD3022
                                                                                                                                              SHA-512:3B0B8E154B44DBE2B313D4F2940E8707A3104BA0C83BC6FAE9BA5217DA26EB9C3DE332AA55205F132E68655E8AD782218D8640051ED6F0EBDC3C6A9061B90B0D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/resume/storage.png
Preview: .PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...WIDATx [remainder is binary PNG image data, omitted]
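The per-file fields in these entries (Size, Entropy (8bit), MD5, SHA1, SHA-256, SHA-512) are the standard indicators an analyst recomputes when triaging dropped or downloaded files. The script below is an added example, not part of the Joe Sandbox report, showing how those values are derived: Shannon entropy in bits per byte (0.0 for a single repeated byte, 8.0 for a uniform byte distribution) plus the four hashes in the report's upper-case hex convention. The sample inputs are constructed inline because the report's files are not available offline, so the report's own numbers (for instance 7.806 for storage.png) are not reproduced here; the sandbox's "Encrypted" flag is a threshold decision on entropy whose cut-off is not stated on this page, so it is deliberately not imitated.

```python
"""Recompute the per-file indicators shown in a sandbox dropped-file entry.

Added example (not from the Joe Sandbox report). Inputs are constructed.
"""
import hashlib
import math
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated byte value,
    8.0 when all 256 byte values occur equally often. Matches the scale of
    the report's "Entropy (8bit)" field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_indicators(data: bytes) -> dict:
    """Return the metadata fields of one report entry for an in-memory file.
    Hex digests are upper-cased to match the report's formatting."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


# Constructed samples (not files from the report): minified-JS-like text,
# the same text after DEFLATE compression (compressed image/script payloads
# score high on entropy exactly like the PNGs above), a run of identical
# bytes, and every byte value exactly once.
_JS_LIKE = b"(function(){var aa,ca,ba;return 0>b?null:a[b]})();" * 64
SAMPLES = {
    "text": _JS_LIKE,
    "deflate": zlib.compress(_JS_LIKE, 9),
    "zeros": b"\x00" * 1024,
    "uniform": bytes(range(256)),
}


def summarize() -> dict:
    """Indicators for every constructed sample, keyed by sample name."""
    return {name: file_indicators(d) for name, d in SAMPLES.items()}


if __name__ == "__main__":
    for name, ind in summarize().items():
        print(f"{name:8s} size={ind['Size (bytes)']:6d} "
              f"entropy={ind['Entropy (8bit)']:.3f} "
              f"sha256={ind['SHA-256'][:16]}...")
```

Run it as a script to print one line per sample; pass a real file's bytes to `file_indicators` to compare against the values a report lists. High entropy alone does not imply encryption: compressed formats such as PNG, GIF and DEFLATE output sit near 7.5 to 8.0 just as encrypted or packed data does, which is why the report's PNG entries carry entropies above 7.8 while still being marked Encrypted:false.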
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\systeme[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):2324
                                                                                                                                              Entropy (8bit):7.887056390234713
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:IhPG7RZdhxRKlNy1aWm4wiY3EaTJeTQyeS2z1:Ih+/3xRKlYFztwzT4cyeSI1
                                                                                                                                              MD5:4B96278270EC17AB767A668989C4F906
                                                                                                                                              SHA1:C4651AEC1CEA11042CBB78E7765FE5778D39B6D7
                                                                                                                                              SHA-256:36875AB32B094B7E436945EEC069C29466E6FE2F61A0EEC4E897AFC099D3ABA1
                                                                                                                                              SHA-512:E233818550D30C354228729EB368EB159BF9DFA7F5994A3F91B7DAE8D21DA2863F93820DA44A3191F4CCCEF324B8F00CA1A2FDCB1906EC624D20DFFC92C4920D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/systeme.png
Preview: .PNG........IHDR... ... .....szz.....IDATx [remainder is binary PNG image data, omitted]
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\zrt_lookup[1].htm
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):10178
                                                                                                                                              Entropy (8bit):5.4736397929046365
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:28di1oblV3nWkQO86/Mf085PIoZ+ToHCDZ2pridM:2tyDWsEfF5gy+TpZ2pridM
                                                                                                                                              MD5:0A37869DAD80436884288D9FD263E34F
                                                                                                                                              SHA1:A70DEFB0E96A5D81A2559D82AB9896FDA7D6DD53
                                                                                                                                              SHA-256:20B3BAD1427E2212DD847357841F993F025B5061C4AF1D382DCC727E102CC1E4
                                                                                                                                              SHA-512:6754AB7373A0BEFAE160A606EEA85DD0B8D55104D47DDAF3CA047DB2490D7193C4511D8D89B0E669CEEB91DD06ECD9193765ADB93935D69084FA1DE6F801B03A
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://googleads.g.doubleclick.net/pagead/html/r20210630/r20190131/zrt_lookup.html
                                                                                                                                              Preview: <!DOCTYPE html><html><head></head><body><script>.(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this);.function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(d));for(var e=d.length,f=0;f<e;f++){var g=d[f];if(b.call(c,g,f,d)){b=g;break a}}b=void 0}return
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\analytics[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):49377
                                                                                                                                              Entropy (8bit):5.521008419138659
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:/yR3fYFBCwsNDsP5XqY0TyPnHpl1TY3SoavyVv6PU+CgYUD0lgEw0stZK:/y9g1r5h0UHp/Y3SowCw0sy
                                                                                                                                              MD5:042B7183D8645F5CF9D0D6ACD5FF8358
                                                                                                                                              SHA1:447A98467EA31E253ECB63EE8564C8B5E1E77D58
                                                                                                                                              SHA-256:73D6A5EA11FB7BF6E6A6CCD44B1635D52C79B0A00623D0387C9DDDD4B7C68E89
                                                                                                                                              SHA-512:72AA2F221BB5EFEC3A9C0CBC2D01DEBD827361369F7E84AA613D4CA70838FF68EA2C3300167FB263A4F416A857BABF0354A1FF8B3EC669BF88452633981CA18F
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.google-analytics.com/analytics.js
                                                                                                                                              Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q={},r=function(){q.TAGGING=q.TAGGING||[];q.TAGGING[1]=!0};var t=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},v=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var x=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var y=window,z=document,A=function(a,b){z.addEventListener?z.addEventListener(a,b,!1):z.attachEvent&&z.attachEvent("on"+a,b)};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\coin_haut_gauche[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 20 x 20
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):758
                                                                                                                                              Entropy (8bit):7.448773312814686
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:E8VfIPuPvm5alTEUNU4GskL5TkM7p3clnH+PEFPbrKw/oKO05MsKz4Ua7D5pw7uS:E8Wu+algwULskxpp3+H3FjrX5b5B7D38
                                                                                                                                              MD5:58D1EF5E4D9950918BADDD39CDD5F1A6
                                                                                                                                              SHA1:BA808305C1198333426F1144B4CC309308B5C9A5
                                                                                                                                              SHA-256:0D250FEB5FD1F1686D04CB8C78A6A1CC1F390605CCBB5B590371FBFE451949E1
                                                                                                                                              SHA-512:5B3880D6120B487D2B044D98595B97A1F5B99A22351696692B7680D102707C26BCF29CBD535D52BC22D30BF80B7513B4ADA02CDBD3D1D7B7321E41A2C74A7379
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/coin_haut_gauche.gif
Preview: GIF89a [remainder is binary GIF image data, omitted]
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ecrans[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):2552
                                                                                                                                              Entropy (8bit):7.908104740806198
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:0A7DrodpiwR/cigbzSll5NQt6M+VBjSnX4jzqkxTQ+S/0xY35/9ymc:dH4/cbzSFNQR+VhSnX4jzq0t1YB9tc
                                                                                                                                              MD5:18D833E44DF2DD742BE9188284C20546
                                                                                                                                              SHA1:644EE4FD678BDCA8B3F27A1C6E16D8A425F98C68
                                                                                                                                              SHA-256:06EB1DF7F5F99ACD74C86B0E47F41EF3DBA445E24883E64A33E667728DCA884E
                                                                                                                                              SHA-512:2CE913B73BA1439803E62BE8CA04974AC237F9003C58365C06A9C7F7C0CC070A6BB381EEAB3261DA908990214C88C1FB77C27FA4177B3E8D3101BBE429F15CEE
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/ecrans.png
Preview: .PNG........IHDR... ... .....szz.....IDATx [remainder is binary PNG image data, omitted]
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\f[1].txt
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):277784
                                                                                                                                              Entropy (8bit):5.512300070739565
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:DkHn6jxH8gd4ICcdF5VWjW0qydAvz3mahbGrxWQyPaJdOnXhKacDBHpto:b2gqICcdF52iqAvTmahbkV0cacDd8
                                                                                                                                              MD5:28EC0C791D6CEED5874946013989C66E
                                                                                                                                              SHA1:1DA65838CD547A33B3B5A3BABB8643FFA757B00D
                                                                                                                                              SHA-256:BEA65CFCABEC36415D41AD2D31CDCFECE92129DE0329D11AC0373AC623F07ED2
                                                                                                                                              SHA-512:BC6163516DF91553312388A096203A718A0764ADFC25E175A67F4D4C7BDF718FCF0A646A75D70899448DF2D2D79498E61B2773BDE8533F448E5CB10D5170FB21
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://pagead2.googlesyndication.com/pagead/js/r20210630/r20190131/show_ads_impl_with_ama.js?client=ca-pub-9949628778928908&plah=www.touslesdrivers.com&amaexp=1&bust=exp%3D31061746
                                                                                                                                              Preview: (function(sttc){/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var t,aa;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a}; .function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=fa(this),ja="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),u={},ka={};function v(a,b){var c=ka[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]} .function x(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var e=d[0],f;!a&&e in u?f=u:f=ha;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=ja&&"es6"===c?f[d
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\fleche[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 12 x 12
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):123
Entropy (8bit):5.543481781708185
Encrypted:false
SSDEEP:3:CkGlpGB1GQl+zaXaaa/lwljr6spSgtd5im6We:HyW1Eea5dIS69e
MD5:93EE8B1F523DAE138C009317F5901E5B
SHA1:805A8CBAD70517540ED6DE3E57771B3230F35854
SHA-256:41B3BAB569F3397D8CA19738D8CE5F4A0BE337F09F12E18B06AE71A6594B172E
SHA-512:37A75C2DD7CE42B444CA4E7ACCA537B674F07D4AE0A38086997BED8486130902584DC495636FD4D5AE92EEF9860C2D9613513AEDAE5152B3ACA483296DB03C4A
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/site/fleche.gif
Preview: GIF89a.................d..k..n..x#..K.g..z.................!.......,..........(..I....u..\.m.1.g1... 0....!us.%._gH...;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\fond_cadre_bas[1].gif
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:GIF image data, version 89a, 1 x 20
Category:downloaded
Size (bytes):96
Entropy (8bit):5.495708073322321
Encrypted:false
SSDEEP:3:CBM0KVA2Hy8jGYF+YdmRa//liZCMJn:wCq23Gm+Yd4ZCMJ
MD5:76FE5C98A87C786DD24C78CC83BE35C2
SHA1:4A07827CBA888544B8A7F264B7991210044D7BE9
SHA-256:0C69488DDAEC47BA919B9262CEC30872392161D1348CD927043CDC1665CC645B
SHA-512:D4AD16750DF12671F54AC0131BCD5E8749958BB4F088B2F27473E9942E0F838FD2373B24EB8256BA2F513D5E31EE0177101B497BE099FE7420269FBEF6FDB8D0
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/site/fond_cadre_bas.gif
Preview: GIF89a........L.{.....e..)b....;p.......P~..V........D....!.......,............I.DY..0.!..D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\javascript[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:downloaded
Size (bytes):28609
Entropy (8bit):5.356446510786698
Encrypted:false
SSDEEP:768:/Mqa7g7TkoETgshtGaf6wZKLzdLueRv0zZ7fxSlcRA5dQfSi7RHyum:/Mqa7g7Mg4Gaf6wZKLzdLueRv0zZ7fx6
MD5:FBF6DB649596193E7FA1CEA3B4048F5D
SHA1:81D4406B460EA4FEDBC14DD0582979D4A8134AD8
SHA-256:5B98B036FF932A147228CEAED725CA868B9B6D8D502EA70575FCF98C87671B90
SHA-512:5D00BD936BEE43EC82F41979D3F004B3F4B0F4EB23E9C5AFE54438292CDAD40693C9C42E8FAEA31EBBD97E44F23A468583F3FCD958168E443386A74D5049FA14
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/javascript.php
Preview: ..function navigateur()..{...var ua = navigator.userAgent;...var reg_ie12 = new RegExp('.*msie 12.*','i');...var reg_ie11 = new RegExp('.*msie 11.*','i');...var reg_ie10 = new RegExp('.*msie 10.*','i');...var reg_ie9 = new RegExp('.*msie 9.*','i');...var reg_ie8 = new RegExp('.*msie 8.*','i');...var reg_ie7 = new RegExp('.*msie 7.*','i');...var reg_ie6 = new RegExp('.*msie 6.*','i');...var reg_ie5 = new RegExp('.*msie 5.*','i');...var reg_ie4 = new RegExp('.*msie 4.*','i');...var reg_ff = new RegExp('.*firefox.*','i');...if(navigator.appName == 'Microsoft Internet Explorer' && reg_ie12.exec(ua) != null)...{....return 'ie12';...}...if(navigator.appName == 'Microsoft Internet Explorer' && reg_ie11.exec(ua) != null)...{....return 'ie11';...}...if(navigator.appName == 'Microsoft Internet Explorer' && reg_ie10.exec(ua) != null)...{....return 'ie10';...}...if(navigator.appName == 'Microsoft Internet Explorer' && reg_ie9.exec(ua) != null)...{....return 'ie9';...}...if(navigator.appName == 'Mi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\option_demarrage[1].gif
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:GIF image data, version 89a, 16 x 16
Category:downloaded
Size (bytes):1039
Entropy (8bit):5.735189013161626
Encrypted:false
SSDEEP:12:tjeQYpTk2Ro/v2RDxCoxNVxGZyGgfLLRvpBFQEEyUYnPacmjGSM1E:IQ0TkHnoDxRH2yGgfLFnFQEEMic0Gh1E
MD5:86D1C8F1D03361FBAFFA7D510FCF741A
SHA1:8B96C6AC221D6F97E9E9B9FDEC3E95229198B9A2
SHA-256:45F55ED174CE419D4583BB5AA861D6605C864E3B313AAC04583EAED7B7059E25
SHA-512:2EFF160D028ABB73417CA83CAA71A953C378971C920C5793D2DA15C6482DF377FC30A0EFCDDAB956D5475ADC72830767BA054EE6E3EA981E2C99E90DCF5A7CC4
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/site/option_demarrage.gif
Preview: GIF89a..........8S..................dq...............;.&A........O..................................0@...............................&?.....H........=..................?y..........gim(Gt......"<a/C^...=CQ.........L.#O....<Y.....=.......................................................TZf....D............1Q{....Ao/A....;=C...........................AFR...JV..............................3.HMZ......`.@.BY}.........................................................................................................................................................................................................................................................................................................................................................!.......,..............X....>..t.....n..`. @.....Q.@G..9,b...A..\...PDdC...1! ...@.\.X.......\.s.....v....h..4.<.c4...YF....M..-..1..L.8+...q...+B..!C......8.......$.Rc...?...C...:H\x.c.o.Af. r..E..T.p....*4....A..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\option_rss[1].gif
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:GIF image data, version 89a, 16 x 16
Category:downloaded
Size (bytes):1085
Entropy (8bit):7.019133672798381
Encrypted:false
SSDEEP:24:GuWGTPxqr24VzADSskVoooe5hAivkQ5HoH1:1vj49eQVVh5kQKV
MD5:7CEB3D6E2A6BA71E1FF4DEFAFADA2F46
SHA1:3882737C518CAC57FE9B6D68DB2125D7D286CF7E
SHA-256:3561DA5EF20565EC264830E67E282FF04D782183C3C86E76421A6B03299EDF26
SHA-512:E968D1AB1810E4DB05D9D136F9C3D85C7E670DE7B861D126BD72BF7672ECBA998F471D85FEFFE3A3B99B2A8C89C5EA6F85692B380409A2E712EDB8819DC5CF36
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/site/option_rss.gif
Preview: GIF89a......................../..0..4..8..8..9..:..G..R..S..]...............#../..7..8..9..9..9..<..C..F..]..^.._..s........................%.'.0..1.1..1.3..6.5.6.6..7..7.6..8..8.7..9..9..:..<.@.C..E..t..t..w..|...............&.).).*.,.-..2..3.4.4.4.6.>.A.?.@..i.z.................-..-./.0.0.1.2.3.?.=.>.?.?.?.>.>.@.@.?.B.K.R.`.a._._.`.k...............s%.z*.x*.x-.}1.~3..4.~3.>..<.=.=.>.>.>.?.?.?.N.W.h....p'.q).u0.w2.z5.|:.{<.{;.}=.~=..>.}=.V.W.l........h$.m&.k(.o).n-.p0.r3.u8.y;.x;.w;.y<.N...b".g(.j+.n2.J.~L...~.....^ .Z .^%.f+....U..U .[&.Z'.d.............................................................................................................................................!.......,.............M...$Jv..sgK...@.zU...+Wh...a..i.`.b....'-n..@..?.b..@sL.!.4..`..$D...JA...4....4f..A"&....fLY.f..=.....AB..E..I.I...4..x`.D.Bx.}.....!#(.@..G...8.*.GG....L..DJ....:.'..#..tP....b.....EF..%
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\plus[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:downloaded
Size (bytes):323
Entropy (8bit):6.996682098827877
Encrypted:false
SSDEEP:6:6v/lhPkd5nDsp7JOhDJE6T2JX+YZ+2TOGsj60Nfw7k20R0JrFjp:6v/7yOROJPT6k2CPG0Nfw7/0iJJN
MD5:B0CAB0221BE8F354F593A7E0C55B0CFC
SHA1:F122C70B312091DD06B9A253B680F1EAE02EE951
SHA-256:50B47EDCAF67166B3F97A97F9A4D90476694223DDC33AC493038051C21101C37
SHA-512:D20EB00C48528D201D85507818C9034518BC695726F4C8EC4B60575BAFC58620A1E0878F3ECEDEEE23BA580BD682A51CAAEC01A4B1F12E5E452D2EAD77448D74
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/plus.png
Preview: .PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.|P..D@.....(..Ft>.O...N.;T*.F..$..N.'.+..N"Vv..3g.=s...A..:c..#.e!.=.#._..mI.eM...TU.p..qR..."d....}../..z..,....(..i..Y..a@...(J...0..$Y... ...a.Y..y..1..q.....((:..n....4"...4M.e9...W. T....,.#0..$P....a.S....|v.@<."....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\titres[1].gif
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:GIF image data, version 89a, 16 x 16
Category:downloaded
Size (bytes):1016
Entropy (8bit):5.86443252822339
Encrypted:false
SSDEEP:12:PuKkxdBYM0aR69GdHmenlR5fhiOPHkxfWDJmWukQp1/ktijOaaO7rnq5aw6yXJZd:PyFYM0nQnn75fEOHkJWz8/5iaaJ9J6An
MD5:64662C06E79D5BA2A7FBF0E59A77A3D9
SHA1:35B9E7EB489C92F076C7CC86F47BDCFBCCD9BAC8
SHA-256:218DE8AA4E39FE2E929D901A264C38B604C56893222DE282FD4A3913A185F5BD
SHA-512:1FDE8F7A88ADC80F01AEBA1B01D85702D51165C321B4D441B14E56CE550B81360BD80A9DF6DE8DDAD5950AE49F890D2BA8615C009346958987041C24C2117ADF
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/site/titres.gif
Preview: GIF89a..........................................................................................................................................................................o.......................a..........s..t..}....v...................y..y..p.....x.................C..Q..d..A..I..R..p..j..K..j.g.................?.8.D..:..9..S..S.T..b..[..]..]..D..o.._..u.|L....Y..Z..............j........x..............Y.~H..R.......................................................................................................................................................................................................................................................................................................................!.......,............9..H......Ar.).@M#.:a..."I\..r..%.nVT.pAF.+K.l.....N.b..a...3N....N..P...G...<t.f..D~Lp..C...j.!".....&..K...M.1.I...0..Y ....<z..{.....}ar...%B..1.g.....\.2.L.;^...e..7v*.S..!8$.@ 0...K.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\usb[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):1125
Entropy (8bit):7.818938363635054
Encrypted:false
SSDEEP:24:ckwxaWzKaE3b+7xhy4zT/PAGcZHEYrj91mbNG4i62V1qIORXNPoOchJwW227:6xv+13aNo43p1YrpyNvi62V1qIOdNX27
MD5:DEB8BE8E772CB97EA6B2FA4F56471CA3
SHA1:C6C5CBC200EF6DC15B46AA426F2A909685E504F8
SHA-256:0D021445DF903C57A7DE927A542E5E5EEC7373B71B2C156DDC598D28017EFDB7
SHA-512:0C7B2D1A264015468F5811807038A5D9605AC9322B530EFA9D727E4FFDAC09EBE6D926C40EA4C25C5230AA15BECC339E094B7B4E7A15515ADAC1B1C0F2B857FE
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/usb.png
Preview: .PNG........IHDR... ... .....szz....,IDATx..TkL[e.~......r.F..B......s.C.....1....F.. 1.X\b.....G.f.....ua..dq3..@`....=PJ;z9.-.......<.|'.}..y.....C.1.">..'.i.U..&..Hk:......3&.y.............../.......q..d.....~...8.j..&Z....7.........db.|.i..../X.. .J.I..]juz~.&]..hd..g..8.....A...wB#.#..].....I].i.....i...|.;......l.b{..bKK..x.....,..$Zj.FYl..H.UU.......U...H.........L[C.~.e...R..I.I!....I...AaA>.j....[.]...c......y.Iy_.-(..&IY9.q................u5.N........4.4p...i..9]....u.m....T..2.,.mD..6.D.U..0..F.}?.Co..X^^......t.G-...e(.<.Q..P8LLN...5...JHKK...P(....h.i.4|'.!.0.q..A.`(.R.$@Q.....c.x........a...S.N.{.d..\..~.4j....p.|/...%XXrAfF..dg...2.\..SSSXI.$"*..+R..&&T.....x[./4E.VQ.....h.^'...`,..T.i...........!....h..s066..``....Nh..y..........w2..J...... ..a..{....}8.xX.........A.QO.....8409q.w....UO ..c.P.g;...@J.1...>..=.....*.@o0Br....5..D.L.........W....:.N...37. ....|.I......pf+F../..+.U.........,.l..`...A._..=XZ\...ZX.x....S"nD....?
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\cartes-reseaux[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):1320
Entropy (8bit):7.822834708351263
Encrypted:false
SSDEEP:24:ZJJJPox0YTr+hkpZ1ClmtPK9AYn4FsD/KC5ayPTNewaYQbgw9LK2+uuiecboO1:3J5oB+s1ClmFKiY4yD/KCcyPxeClwk2d
MD5:A2AF4E32BE5326B570465E1689CD628A
SHA1:4F01D503D192D07458997C185207F62C6089B393
SHA-256:28D2CA0C449AF087B5BFB75577CC4A8A08A60EFF24F025D31CCCEF45F01D3712
SHA-512:879C038AF6F75309616548D0AA607C198DFEE07647DCC011856828183949C37DB083849792BE3199F50DE52E05D4D6F1402BDE67FCC76F2C2651B5B32DCFF59C
Malicious:false
IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/cartes-reseaux.png
Preview: .PNG........IHDR... ... .....szz.....IDATx..W{L[e.?}...-t.F.#v..)..#..if..6.h ....Kt......d...m...%c.C......._...:..e<..(..BK......[.0{..'.q...}.;...]...54|.......LB..#./.577[...N....V..nj.6=... ...b..1.XI...K.Z[[_.j.O.^V.!,..%..G....-0z........D.|..,//..s$-..,f.- ,...^..-._.-%iP.........0/I.A._........5_(.T..S..D..W....@.....w......X..t.>.S.G"B.EH.Q-I.[.n..... ..}.d..\..8.....n.e .@...X..<......022y9..yH./F..M..(.....qw.....=.YPf.......tc....T....d*..@.k....l..#i..@d.O..E06.3....8.........}}Ca.)9..p.9.<.........%%.YuumE.l..du...GT*)..-}.T*.H$a0.d.P,.T.........b\...s...L...x ........Y.>..|...\.d.t`Qc\k@W\|..../...?.r-..ir8.............'..!L.ka..]....UTTG....3.w....z....69`.d......N..=je$......<................7...u..6;../^b.Q)|6.+....VUU......7;..6f<.d..%6...Vb.....Mhjj".l....{..%.l...X..........vvv......{...SA.Z[H."*.\.....{K.b.GN.Jb...#GJ.2/...........I......a..J6q...R..d,.....8q..rv..Q.V.x...f..X.3#W....*>..l$...VV.../...,dB.h...&.H..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\core.bundle[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:downloaded
Size (bytes):322912
Entropy (8bit):5.335646858089646
Encrypted:false
SSDEEP:3072:1CcY/QFb6ncS/ebSEIuB3wZdFkI1VGPeQ/yoaMSgh1oUKgi4cwcAd4o:1CcPuFGPXqoHci
MD5:EF40427DE4D853AC6C7DF003FEE68F17
SHA1:0CC88A0CB14EBE3A46B7A7312E1A9DE94EBA8B19
SHA-256:722C50C6E8C66E55DC3BE656D1DEE0D0091451A65F012259508AACC81E87C1A5
SHA-512:7386CC1B2B41685141BB5E0364680B531BA67B7C40D72B18CDE8533241A73FAFE4030CA47E9EB1508D1984A26AE25428A40DC588F33266A195F4A0447079EBE2
Malicious:false
IE Cache URL:https://cdn.appconsent.io/tcf2/28.4.0/core.bundle.js
Preview: var appconsent=function(e){function t(t){for(var n,s,a=t[0],c=t[1],l=t[3]||[],p=0,f=[];p<a.length;p++)s=a[p],Object.prototype.hasOwnProperty.call(r,s)&&r[s]&&f.push(r[s][0]),r[s]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(u&&u(t),l.forEach((function(e){if(void 0===r[e]){r[e]=null;var t=document.createElement("link");i.nc&&t.setAttribute("nonce",i.nc),t.rel="prefetch",t.as="script",t.href=o(e),document.head.appendChild(t)}}));f.length;)f.shift()()}var n={},r={10:0};function o(e){return i.p+""+({0:"Consentable~Mandatories~Mandatory~Privacy~StackDetails~VendorsScene",1:"Banner",2:"Consentable",3:"Mandatories",4:"Mandatory",5:"Privacy",6:"StackDetails",7:"Success",8:"VendorScene",9:"VendorsScene",11:"ui",12:"vendors~VendorsScene",13:"vendors~ui"}[e]||e)+".bundle.js"}function i(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.e=function(e){var t=[],n=r[e];if(0!==n)if(n)t.push(n[2]);else{
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\devices[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):2908
                                                                                                                                              Entropy (8bit):7.916331340776394
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:taC1HzBbjkJmPsrogzL9YaohHIF2yJiF1i:XtXFPs7H9AoF2yJiFU
                                                                                                                                              MD5:FEB8F633A2BFC01CC571526E9AA0926F
                                                                                                                                              SHA1:718F32D2F40B30E39E41BF8A09F6B610383AB168
                                                                                                                                              SHA-256:D5EAFA01511DDCE1D284306ED3362578EEE26D7FEB0CFB9D5FCFD701BF00275E
                                                                                                                                              SHA-512:ED5C56E1F83C9023664A309DE0E7A35D67FC1C2CEA712B7292C4326B775CB8F7AA6C7C60119CF58FAD8325FEFB04CEC54825FD49B874228255890B4D5C957637
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/devices.png
                                                                                                                                              Preview: .PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z[l.....;.......l.......&1$5.M..75..P...Z./.U.ZEU$.-$.)T..PD.D.&j(..&.................=...4`...~........#.../.!..~|..K...P.I4.../...q......7m..C.....%g. ...9.;ssq.|H.Qm....v.hgg.T*..g...B.POO.jjj.H......9f.7....|.`%.6...b....y...A.9..4d.#G.l...<..D"s..e.~.....(..V.. .$.#....*..\..k.sq.XA.....$.::...eB...<...;..~.n.C#..4W...WP..T...C...H....,.....H\.r:......`...pg..fz....x9.......Y....[...y..`.<..E...n..0z?...8.N.&.d..PP.n4......B.=J|.5.....,......Qh.5.g.d.u..gA8......R...(.k).-..X..4...=/*-.]....Du..;YA]..=Mr....".....+ =+....]........g.l~.B!444..+.z......^....{x...}2....4..G!/......q..YQ.Q.*.p~..Kv.E"3...._..|Y..u<.......`.ooj.mo..><48....-....w..N74n.{..mm;......-.8..N.<1.&...>....QxxT..+..@...jw....m;w=.~..z..!..m...v.A.....7o...J!.[..H$...e...vjtt4F...}.+...S.;...K...o..5.B.4h._..N....R pD.f..2..L.u....q...hAa..N.8...O......L#1._.\O|..u...Z..z<..
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\disques-durs-internes[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1289
                                                                                                                                              Entropy (8bit):7.771537600081928
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:OVLUao94DAq7EVtLYphu34U6t6Ox5DlF80jt4HccG9SuIGC8Lx9OqfTSCW:Uz1Dp78tYY4UkLBlF80j9SuIYxIgTxW
                                                                                                                                              MD5:64804589C24B89169B0E21ADF20B707A
                                                                                                                                              SHA1:90F583E900EB6550FEF58D53CCFFDAF33CC7D8FF
                                                                                                                                              SHA-256:3B9BEF5C6192B1167D6CE3DD1D8DC748A2335740255356848295A06E6B0D64AE
                                                                                                                                              SHA-512:800E080E5C2150E6A55F78B840327A506F39C96A25A878BEAF88BF16F419E597BE7EBC5CC682A8F1B5684C3F119D6E30EED88181021E36FEF3D4D3DA04DFB277
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/disques-durs-internes.png
                                                                                                                                              Preview: .PNG........IHDR... ... .....szz.....IDATx..ViH.W....8..w.....Q+.P..\.......K.6b#tA....1.....Vh.HA..R...RE.u...d..1u7~=..ZHC..)^8|...{.9....:..:.......)--........[...zRWW.mJJ......H1..f.zYPP.fhhh......K.V.QVVVBHH.......-...B...X.8666...Cmff......-N.D...5.M..W...4.........@kkk+ooo....$......LLLH.R....*===.33.}."22Rcii.B.....[(!.H@............. @...488H..........-...+..............ff.........m.....iG.k..MHH....!......`...Sss3UTTPLL. s.`u..bH...B.....555.........-.F#.3...'......%.'sss:88...=.....;::........icc...#.$...y.....U.).>....<.-.$I..666.2...D..D...DA............)._....;&..omm..7...=..~!..H..o...... ..R... .n.....4??/6.l..........$...999..c(.J.....yyy.'+....9j......}4<...E.NP.......<.........!!;.".z^7...$K...'.mnnR[[.edd....MOO.'....L......Mcc?..bm...nP..Y....|........]...SSS...!.......2....e.2...E$..S.9. .x1.{....&&...},?.Ab=.(........n............O H.......9./t`%,...x..._.....o.r............a..R..}.O;...m.y/8882;;[....6b+....G.H......1tzQ.g..LMMA.......
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\fond[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 1 x 110
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):531
                                                                                                                                              Entropy (8bit):5.236762969184709
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:KZv24QEdpyJfKDfyFBaKylGmsYgOR+TINwi9YWbHUXS6L9lDh15lzlJnhlP4Bf1h:8OHGoJFB5xCoTwHYc0TDhfnp4af4p
                                                                                                                                              MD5:65894FBCA40316DB335F6C46489D6A82
                                                                                                                                              SHA1:21D15B84CE95C348D3539327369CAF434347B1F8
                                                                                                                                              SHA-256:2B540D49D5121A63B206F73240713D331A8A308CFB0D89860773686C63ECF32B
                                                                                                                                              SHA-512:BAA7A6080A72C45792408EDBFDF7EF567D12F6CAD322FC6911AEEB3EF2F35B423754B37BB020BFECD4E09ECF0A9DA51FD9DEBF0BCEE15AC8595B8912AD09651D
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/fond.gif
                                                                                                                                              Preview: GIF89a..n.....;q.B..@{.9m.......B..@|. <.!>."@.B~..3.(M....)P....+S.,T.'K.2`.3b..,....6i.&J.7j.?z.D..1_..'.0^..*.&H.3c.C...'.."..;./\.!?.C..*P..9.#C.)N.0].=v.7l..2..8.$F.. ..!..)..7. =."A....(L....,U.2a..%.:o.6h.>x..$../.-X.<t.=u..6.>y.4e..1.<s..#..(.....:..Y..".5g.:p.A}.D...,.&G./Z.$E..0.#D..%.7k.4d..5.;s.>w.+R.-W..*..............................................................................!.......,......n...p...<..O..45%RMC]?.$N6 e.W.:D[K1.`H72+P&.8.(.9,\Z3X!..;.-.*c..=dEQY'....>."_JSA..^0..@T..aLFG/bBI.....U.....)#.V..;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\fond_cadre_haut[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 1 x 20
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):96
                                                                                                                                              Entropy (8bit):5.537374739988986
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CBM0KVA2Hy8jGYF+YdmRa//lRE:wCq23Gm+YdvE
                                                                                                                                              MD5:4B71B963E4B535A7DAEBCE91951D8032
                                                                                                                                              SHA1:88F22E4E042B1ECF2D09EB4F5BBC3F540391E7FD
                                                                                                                                              SHA-256:E445A6B92FEFDA7B58D77E741F18168EF9F6E60E26293EC30B8B68AE8BE02BAA
                                                                                                                                              SHA-512:94514D2E8E682D9031DBD4ED2F3CCF1B00E58233A93704DB048AD9823207D14ACEAA891C1BF3D3452319B3F33D2B52C5346AA7EB01A70DF5C44B077A7B4D3658
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/fond_cadre_haut.gif
                                                                                                                                              Preview: GIF89a........L.{.....e..)b....;p.......P~..V........D....!.......,.............EL.....@O.F.;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\gpt[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):70017
                                                                                                                                              Entropy (8bit):5.631218215251697
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:uJstHwjMlwyx03j/m9DwwjuqfFBBPLNVtxirPtL/iS:6s9wjOC/mPBbTUPtLf
                                                                                                                                              MD5:DAE2D8F68E7C0DF6075F47CFE46F76EB
                                                                                                                                              SHA1:F4FD399EC1D8B64E3C8060FD816077F90A931445
                                                                                                                                              SHA-256:2A4FDC9B11DABFBA0B95C811036BE6523C8502F43A21783F0C55E91958BDABBB
                                                                                                                                              SHA-512:FFD060439FE75B1BDF0BD10E3614C65E42673634702E8FCFB1D60270F054AC73B8E89F8D9EC97FCEB7A255D492DBC5DC5755D7EA2213BE12DD67B9DBC1F3CFB1
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://securepubads.g.doubleclick.net/tag/js/gpt.js
                                                                                                                                              Preview: (function(E){var window=this;if(window.googletag&&googletag.evalScripts){googletag.evalScripts();}if(window.googletag&&googletag._loaded_)return;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},da=ca(this),ea="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),m={},fa={},n=function(a,b){var c=fa[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]},p=function(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var e=d[0],f;!a&&e in m
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\index[1].htm
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):39056
                                                                                                                                              Entropy (8bit):5.240538189249216
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:SMuWsR0ToqiKlKilKit7aJHfc3eN/XjcB7utVMEvAi6dCCKDCU+75Mu1l6H2aQil:SuDToqiSzlzVEr+7H+65cB
                                                                                                                                              MD5:54EA94F9B16797296F0E34CCFA9C7E6D
                                                                                                                                              SHA1:07083D67A091BC5CDF8AFEBDEC2ACAF93DF726C2
                                                                                                                                              SHA-256:F06FAED5C678C840BDB779640BAA9E7CDE432DA4BC7A4DA6DE2DDB43B955EFFA
                                                                                                                                              SHA-512:B05CD09C6AA74EC9F2A9E70269C397A1172D30E698B959117A43B3D627680A09DE6BC37BAE8FA48A0C7B50884FCD7B0C14EB0253F3B10708A2EA6F7724D3CABC
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
                                                                                                                                              Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">...<head>....<title>Mes Drivers - d&eacute;tection automatique des drivers, des pilotes et de la configuration</title>...<meta name="description" content="TousLesDrivers.com permet de t&eacute;l&eacute;charger gratuitement toutes les mises &agrave; jour n&eacute;cessaires au bon fonctionnement d'un PC. Les drivers, pilotes, BIOS, firmwares, utilitaires, logiciels et applications sont t&eacute;l&eacute;chargeables rapidement et facilement gr&acirc;ce au classement des fichiers par cat&eacute;gories de mat&eacute;riel et par marques. Plus de 1500 fabricants informatiques sont r&eacute;f&eacute;renc&eacute;s." />...<meta name="keywords" content="drivers,driver,pilotes,pilote,bios,firmware,firmwares,drivers carte graphique,driver carte graphique,drivers carte son,driver carte son,drivers carte mere,driver carte mere,drivers im
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\manettes[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):2140
                                                                                                                                              Entropy (8bit):7.901809119079006
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:SCuLCTgRuNknMXnumq6k07OHSbh6NeJ9SHbaMFpdy+7pdIBxImz:S0ZXqd07lbW8S2m8Vz
                                                                                                                                              MD5:F703CC1FADF387E3AD3543AB6166DDB5
                                                                                                                                              SHA1:85C8F512D8B3951F51482A88764D14CDA09F745B
                                                                                                                                              SHA-256:93047161D6B912EE525228FA1B1BB183D169FA28AFD4D81EBA482D83BCA65708
                                                                                                                                              SHA-512:7EB8C02D8B379471571976BC44A5220688416DDAC1257279816EAF01B6D812E8DE61944611801B2691709ECEC806F9B4846650DED36A74D773C7AD6A353E4868
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/manettes.png
                                                                                                                                              Preview: .PNG........IHDR... ... .....szz....#IDATx..VyP...~v.]........K...9DP.rU@.%.5....hD...5.&..<.jl..)U)VGkt.JHL*...C\.Z..e..~..hF.8.....g.ov.}.y........0z.....&01iM..-...?\....21u.[..c..3.cV,[..........|....Pa...9.:9.D...*.d..R..Jfalm%a..Fl.....XFF^..]Lx...Qq..JO.....b......e...+=...?/T..N.mj.v`..]..vh.]...-...wuC...#6.m)...1..A.Q.....{e....m....N.7=.v...rW..?f..z.......=.b1.L...<..|3...0.1..A...[.B".4...L....z.._..1~.x..........<t.".k..Ox.X.3*>.....x.Gk....A..&....d#...C.8.8]|.o.Bnc.x....k..z.....8.(...:\.......~g.).H.[...<f..l..Z.&5P1.F...N...Z...Q..)....z.z.....&{L...l..Y?..U[........<0.....|Q[p.wK.p.....1.Lr.......b90.>}d...L0....1f.4A..@}G.2......n.C30....=.U..l.Q.>-,....F.c...G)/8.#.x....`.^..X.'.l....a.@...oB.p.m..../.:I.-9x.R.I..0.[......>\...sW.|...~...........o"...JI.d.....H..../.s....hi..;.Q]..L...Ssx{.chd.e.=@HH..l.@7..u......V....j.u.B:...=0a2i......_mA.y:*..@.....BK.r.7.Z..E1..n..t..Z.6........!....l....(*...E%.....Dcs...&..N.^
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\mes_drivers[1].jpg
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 180x60, frames 3
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):5078
                                                                                                                                              Entropy (8bit):7.889414565056289
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:D0Z2+/jO9GLDla5SRLh2G4aRiRPXqHtEAip5eB4fX7n8jhV:f+/yola5SRLgPkiRfqHtja8jhV
                                                                                                                                              MD5:A1EC386AD35E52BBF7378F43ECAA3F05
                                                                                                                                              SHA1:584CBE8683703F0C030AB8E2EAE384DECBF8F5E0
                                                                                                                                              SHA-256:C1134C18F6CFA5025695E819A60322E14145502D75D4AFF8175C0557184BC6DE
                                                                                                                                              SHA-512:BE3E532E56CAC977AE57ADF278C1F37EC645EA77F3E9E61A9C4FE72A143B0497760FEE0FFF91726DDAAFF7CF4DB639EB21009CDB89304EFBEC70212A1D0F6B95
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/mes_drivers.jpg
                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......F......Adobe.d.................................................................................................................................................<.............................................................................................!...1A"Qq...a.2#..BRb3...r$..c..&V........................!1..AQa.q".....2.BR.....b#..r................?....(.;....c4Sm..f`.........../.$U...T.._.......D...J...Ob.H.......B`rJ/.mj?.#...o<..L.sn...S.p[^h2%.q<.<.9~..Sm~..O...,9W.{w.l.cX.N[..........<....2.......J.S..E....O...../6.@B.h..(.Y..&.0..L"a...D.&.0..L"a...ER...H..Q.9%...W...5...OQ~.<..&W.....0..VP^.Ft.J|.L.}Yo..3_>.....I.........z...!n..z..$.HD.S........L.5..3.?.8...`.,yrB+.......I.h^...(..@.F.`.....W..s......5M..y....=..].wB.\...l.A........<.W....x...0.Z^...=.x.xc.9x..........Qr.u."a...D.&.0..L"a...D.&.0..}........58.F.x.<h.:^.U...g,..!..Y.+....t..d...y....k.E.M.2.#.|Um...5;+y.l.?=.. `.,..y..:....c..5."...:.....w.c.<
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\option_envoyer[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1051
                                                                                                                                              Entropy (8bit):6.527634676403194
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:EOCkWvrEYcl8I+VyIFzyz1HzWs6xNVnSZ4usE:qQviLyIFzyzxzWs6xNNSuQ
                                                                                                                                              MD5:6B8E1CBDA2E2E7C6851BC9272DB2F156
                                                                                                                                              SHA1:C5D8D19713599F5833C54D1E90C7FB6AA4018691
                                                                                                                                              SHA-256:F3FBE24E565206A92046F4FFB55A571FAA054E2005FF257C8EB2B06FE33986D7
                                                                                                                                              SHA-512:9AAAD2EB13B5993E8FA88C749E8426B317413190D06E0B25C905634DC101383EE938C84FC88F1B51EDBE44A65E31DEA6C45A2C9F1DBC36755DF5BAB608E9B1C5
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/option_envoyer.gif
                                                                                                                                              Preview: GIF89a.....................................................................................................................................................................................................................................................................................................................................................................................................................................{.............................................................................................................................................................................................................................................!.......,...............H....*.8B..Q.l18.P .N.J..5K.0....B....Z.|..6..@..L.E..`........a....t.R.P........W.2a.D.&O..........6.Ze A..X.1...O$:M,D.$...j.....O.F...14I..99..aR."DO.<r.h..CrlPA.....A.%...7o...1#M..q
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\option_favoris[1].gif
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):574
                                                                                                                                              Entropy (8bit):7.212915520705348
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:n/5P6ClLzJxG4CvFCr18tiprYFSpWKJcc+hcXTCfoxhJTbttCVmrhKPSWe:n/NzJxkFSJpeS8c+qjiattvoPe
                                                                                                                                              MD5:E4EDDF2D20FCEA5320963A52F0C73D69
                                                                                                                                              SHA1:099519A5E939D9DA4099587BDFCA7196F4FDD5F7
                                                                                                                                              SHA-256:5C1FADC5DBEE4BC7EB75BE521D7C88E4C163B48E34383AB4E3FB3DC2AE8DC695
                                                                                                                                              SHA-512:1785BC70EA8A40DD4B66B2536AD1B41C472579D2A5758E85D047755B7F218D5490CC7E03DA62B6AA70E9C355EDC9C564953432761216CD5A225D7AD388B030A1
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/site/option_favoris.gif
                                                                                                                                              Preview: GIF89a..........................................i..{........P..a..m....@..W..b....?..J..L..R..R...........%..&..-..1..1..6..<..F..b..c..i...........................................#..(.)..0..C..J..L..u...............!..d..v...............7.<...(.....4..........,..0..>..C..F..M..M.s....-..>.f..a.e....K..b.._.{.{.}.{............^..h..p.....................!.....{.,............{..{l`...b>..{J8d..u?1Z..o(,U..a%.Fi.\=*.+MI06.LB@G<^zT9....C"..../Oj.cN$#25....:[.tX;.....Ps.kH3....].h&.....Eq.yR4!Qf..Dm.w'-S..Y..J.+7....$..D_.$rsF..@.;
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\slm.prebid.touslesdrivers[1].js
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):16749
                                                                                                                                              Entropy (8bit):5.409147335144714
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Ti/kOXmXC38F7DJgDfQf4Dsyfxv0ZqJBt:2MumX7FIt
                                                                                                                                              MD5:89E6092876ECDD0820176584BE14BE40
                                                                                                                                              SHA1:FB30F0DC022C6526F1C0E6BBA455B74F941526E6
                                                                                                                                              SHA-256:5C1EE526F487606C846F5465C380C9D6B86241DE0DD58CB7915DF2F75BF025FC
                                                                                                                                              SHA-512:80BC92FC5D8DCD8BDB413BE484209CBBF7D3B4F4504D818F7D84A218E5ADF2673CBFA183195E5806855566A742D195FF6C084D8EA0CC51548F87035C256426E6
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://ads.sportslocalmedia.com/slm.prebid.touslesdrivers.js
                                                                                                                                              Preview: (()=>{var e,a,d={},i={};function r(e){if(i[e])return i[e].exports;var a=i[e]={id:e,loaded:!1,exports:{}};return d[e].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=d,r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a}),a},r.d=(e,a)=>{for(var d in a)r.o(a,d)&&!r.o(e,d)&&Object.defineProperty(e,d,{enumerable:!0,get:a[d]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,d)=>(r.f[d](e,a),a)),[])),r.u=e=>({1662:"slmadshb",2937:"instream",8216:"advanced-video-player"}[e]+".js"),r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.hmd=e=>((e=Object.create(e)).children||(e.children=[]),Object.defineProperty(e,"exports",{enumerable:!0,set:()=>{throw new Error("ES Modules may not assign module.exports or exports.*, Use ESM export syntax, instead: "+e.id)}}),e),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),e={},a="slm-ads:",r.l=(d,i,s)=>{if(e[d])e
                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\souris[1].png
                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1542
                                                                                                                                              Entropy (8bit):7.8247839964894865
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:7A0APoLZo9zlYwn/bu6BMDyeADrNei3d5709ddSTwEj6oKWtHEGx6:M06oL2zDu6imfDrgi3wddUwM7KMEGx6
                                                                                                                                              MD5:8158744CD7509D7AC5B58AF7154669D5
                                                                                                                                              SHA1:5462F27B98223202FF3B900C922DDDC19ED8B34B
                                                                                                                                              SHA-256:6C9736223A39C89BF37ED59BB818A0F47F627DFB1E149C87215FAE07F245DD44
                                                                                                                                              SHA-512:57674061DA6B06D54A617395C30CE050DE1A54AE134C9988A8BC17106A42C12D5B1A7838CE0B3896DC99E2BA9E8C406F239A61069CB2D9E8D27F4C265D0EFBAE
                                                                                                                                              Malicious:false
                                                                                                                                              IE Cache URL:https://www.touslesdrivers.com/images/mes_drivers/classes/souris.png
                                                                                                                                              Preview: .PNG........IHDR... ... .....szz.....IDATx..VkH.g..?O...)M.CZ..<-...a..$[...p...c....ls.1h...).....?.. A..h5.K.<.Y...].=?...b...........~.y5^..}8>....C...~.....*..9.FQQQzaaaBYY......;7......ZRR.g.}...........~......V..............=~.x..Gm._.;s...z...........'....9::.,--e. t...yyy......;o...P/..a_...m.)....NCCC....~...].v.........x&......%88X."....\XX.....[@.q.-......R.....g.~2...Y.eff~...y....)ioo...7..;...d..w..~........{.Jgg..?.^....e....ILL..RU....=...J.....q..............[.$$$Dz{{...[....^.....y....+........o|.........mY...G..........!.03777.{.>[ZZdnnNe...........H]].X,.........9e...;cfdd.<66V.O.Y........o1#........L.^.*...r........(.....RbOOO9~.....{l6..+..0&I.Vd#v....zegg.....F.n......4k...Nk.l`,]'A...jkk.......:KFp.Q..,..._...@nn.......t...t......-.L.L.....c......k.I||../.P.q..}...A"..u.?....X.$...I5..677k..DP.Iy)7.QN...Q.2K.Np.M.%.q..c.Fp...X%.L..`.d...".....!..g@u......N....&%...*...I..ettT.9I...4........k........pr
                                                                                                                                              C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM
                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\aes_x64.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22964
                                                                                                                                              Entropy (8bit):7.988416177688223
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:2vIEb1SlH/ad6/yqlZGZLwgwgF8FI3ojaON4rXEiD7blpPlpFFh7QkD/idV2Tsop:uaHyPQ8LT8FGOMUiDHlvpFFh7Q8/idVA
                                                                                                                                              MD5:9E12786503113586E5B7697F573D37F9
                                                                                                                                              SHA1:525A4D4D38B9EC5711CB8F1318E0DFED64921CAF
                                                                                                                                              SHA-256:16A8BEDB47003743DDDAC64848275A0FB49AA9761A05AD481CA0C1CE3303E5A5
                                                                                                                                              SHA-512:1DF907649A9117ADCB1463F8460A361DBE4B36689CD87CBA0E68563A40CFA721A3FE39C90993B82C20B379EDBEE8D20F42D597697EE04B55E48B380E853ACA67
                                                                                                                                              Malicious:true
                                                                                                                                              Preview: AES....CREATED_BY.aescrypt 3.10......................................................................................................................................P.........on../^..)._...../.A.].ol{.H.(......~d..=3.JO...E7a=.NG....(#......l..Z.r...D`.EzWG.......k..........:.pY.4.ld.+...."..T..Z....0]awiQz......).f..(*.....pW.WX..e.<...M$...../m=I.))..&Q.....~..5.e6....kB ........]k-......A.|.$Z|H...aD:/.>..h%g,..M(.d..jE...VR...K...?d].M..jK..?....(.8.=....s.'O..wi........6;....L..~.`..Sc.a/...)..4........?.".!.....;...+...-tF.K.k..O`...'.*..a.|N,X) 9eyN..j.u"Bb.T.............=z.S.0./8......Q..^Q.u.[t...QF.b>.7.e&...v0.....w....Q..B..V.3...N5....f...........X.d..q.}.z....5..#..'.....b.c."o..G@.Yy.2....l.g!0.O..A.....S..^..I..mN1`....bn8.$.5.....FZ.....;....Zd.`3...H.D.Up.=._.x.$B.q.{3J.d......GT.E.....FG..c .#2~[.r-<.+..L..{.`..Z.px..8B...Rt.....3...V.9*..........}...O......\..L...iS....e...u.e.D+L..I.d.^m.m...9...i?o9.ga.9...f..\.`
                                                                                                                                              C:\Users\user\AppData\Local\Temp\aes_x64.exe
                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\detection.exe
                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):155136
                                                                                                                                              Entropy (8bit):6.66841365910386
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:qPjqdc4gShSWvT+Ykjse0/xZ3ElLpPShi76u7:qPWIWvT+jse05KEi
                                                                                                                                              MD5:E5125D4651C008EBA61D9FD3ABD5AB31
                                                                                                                                              SHA1:4A85E5D6AB73891832C9ADAA4A70C1896773C279
                                                                                                                                              SHA-256:874CB7A8513B781B25E176828FE8FE5AC73FA2FE29EA2AAC5FE0EAAD50E63F39
                                                                                                                                              SHA-512:26BA2CECF7324E1C5FE46112C31523E2FABAD8DE34FE84CE3A9E3A63922B0F85D84982E7C6BAE13D2E3CF65193F7A19A67A2FC80AF5A78EF8CFE611FCE1A9409
                                                                                                                                              Malicious:true
                                                                                                                                              Yara Hits:
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe, Author: Joe Security
                                                                                                                                              Antivirus:
                                                                                                                                               • Antivirus: Metadefender, Detection: 0%
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e....O...O...O.|.O...O.|.O...O.|.O...O..O...O...O...O...O...O.|.O...O.|.O...O.|.O...ORich...O........PE..d...u{1U.........."......>.....................@.....................................%....@.....................................................<....0....... .......................R...............................................P..h............................text...j<.......>.................. ..`.rdata...E...P...F...B..............@..@.data....q..........................@....pdata....... ......................@..@.rsrc........0......................@..@.reloc..:............X..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Temp\aes_x86.exe
                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\detection.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):144384
                                                                                                                                              Entropy (8bit):6.805779966193588
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:NgzEhDpHGk/gqrYxgHNEt3koN0Shi76u7:NiEhNHgqrLme+i
                                                                                                                                              MD5:82FF688AA9253B356E5D890FF311B59E
                                                                                                                                              SHA1:4A143FC08B6A55866403966918026509BEFCC7C1
                                                                                                                                              SHA-256:B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                                                                                                                                              SHA-512:CBB3D81E3237B856E158C5F38F84230A50F913BDADA0EF37B679E27E7DDF3C970173B68D2415DD8A7377BA543206BB8E0FE77C61334B47C5684E3DDFFF86ACED
                                                                                                                                              Malicious:true
                                                                                                                                              Yara Hits:
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\aes_x86.exe, Author: Joe Security
                                                                                                                                              Antivirus:
                                                                                                                                               • Antivirus: Metadefender, Detection: 21%
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                              Joe Sandbox View:
                                                                                                                                               • Filename: 53c0505a_by_Libranalysis.exe, Detection: malicious
                                                                                                                                               • Filename: hztxqReczN.exe, Detection: malicious
                                                                                                                                               • Filename: BleachGap.exe, Detection: malicious
                                                                                                                                               • Filename: SuperEnjoy.exe, Detection: malicious
                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d..d..d.A...d.A...d.A..7.d.....d..e...d.....d.A...d.A...d.A...d.Rich..d.........................PE..L...P.1U.................$...................@....@.................................N.....@..................................p..<...............................p...pA...............................k..@............@..0............................text...J#.......$.................. ..`.rdata...7...@...8...(..............@..@.data... g...........`..............@....rsrc................p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Temp\curl_x64.exe
                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\detection.exe
                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):860232
                                                                                                                                              Entropy (8bit):6.330103845723899
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:VBhSKWefubWiuJBmMSa1ayJZlQyyEmRwYGd0Cj/cHBg3ui7KMTFhlMVs+b:VBhSBwy76MM1vBycddHj/cGTFS
                                                                                                                                              MD5:E80C8CB9887A7C9426D4E843DDDB8A44
                                                                                                                                              SHA1:A04821E6D51F45B72A10BDBD3BB7E49DE069CCD2
                                                                                                                                              SHA-256:3DF4725778C0351E8472A0F8E18CAF4FA9B95C98E4F2D160A26C3749F9869568
                                                                                                                                              SHA-512:41B4BD84336785D4DA13B5653183BF2A405B918AFAD3ACD934F253D23B1E00460173E36B2D65A61F77EF2B942DBA735655FC5B4EC561C375896F5A010E053D33
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                               • Antivirus: Metadefender, Detection: 0%
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............._..._..._..._..._.-._..._.-._..._..._..._.-._..._.-._..._.-._..._.-._..._Rich..._........PE..d......X..........#......6..........0G........@..............................P..............................................................4Q..x........B......h^......H............................................................P..H............................text...n4.......6.................. ..`.rdata.......P.......:..............@..@.data....;...`.......J..............@....pdata..h^.......`...b..............@..@.rsrc....B.......D..................@..@........................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\curl_x86.exe
Process: C:\Users\user\AppData\Local\Temp\detection.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 690760
Entropy (8bit): 6.379028616802886
Encrypted: false
SSDEEP: 12288:yy+N4we0nEbORHuybDm5EsKDiVwx3g5smKQwT49zw64GdUCjfcwC6dum7O8TPVsT:CN4X0nvjbDm5v5wizH9dnjfcsTI
MD5: 213A2CE0C3E3BCC71DF42A9EDAD0BA35
SHA1: A82D8374BDBEA0CD3B08EDBDE32EAC29E061AD96
SHA-256: FBC0D3A56DCC0B9C6FFE556D1FD58C57502325780F137B64788FBBBDFC13BB82
SHA-512: 77BECC9354014573A7C348E94632ED484C156C24585EB4CBA3E62FD8BB13085D41090EBBED056A58BE0658DA5918E639BF5F0AEBF4FCEE3F2270E8A701A1348C
Malicious: false
Antivirus:
• Metadefender, Detection: 0%
• ReversingLabs, Detection: 3%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r...r...r...a..~...w..p...w.o...w.......r...........y...............s.......s...Richr...................PE..L...+..X..........................................@.................................I6......................................8...x....0...B...........p..H...............................................@............................................text.............................. ..`.rdata...3.......@..................@..@.data...d+....... ..................@....rsrc....B...0...P... ..............@..@................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\detect_x64.exe
Process: C:\Users\user\AppData\Local\Temp\detection.exe
File Type: PE32+ executable (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 82432
Entropy (8bit): 4.904297032300948
Encrypted: false
SSDEEP: 1536:mGdmm1zdwlinYnyxH0GSrFc5VfJF4O7W5ia:mGdsqZxM5cXLRW5i
MD5: 6A7EC375AF8BA2E87FF7F23497E9944E
SHA1: 791FB650E9E27E9857B332F534A0ADE1EAE28BE7
SHA-256: 65C68FD55281A0A4598807EA83531A0CB0E4E79A8C5BF38E9637E776F72C3514
SHA-512: C6FA4AC94692DDB8D60C8AB40AA33B17E9D0800C802EE5D3C7D6F0DB24C507638743287A274D7EC62FE568B6AA1C69932D52E74A50040720A89138CB5C8BE7AA
Malicious: false
Antivirus:
• Metadefender, Detection: 0%
• ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j....pN..pN..pN.VsO..pN.VtO..pN.VuO..pN.VqO..pN..qN..pN.VyO..pN.V.N..pN.VrO..pNRich..pN........................PE..d...2..W.........."......b..........@j.........@.....................................P....`.......... ..................................................................................8............................................................................text...0a.......b.................. ..`.rdata... ......."...f..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc...............@..............@..B................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\detect_x64_2.exe
Process: C:\Users\user\AppData\Local\Temp\detection.exe
File Type: PE32+ executable (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 81408
Entropy (8bit): 4.8816791730814995
Encrypted: false
SSDEEP: 768:rrNzEAAwF11A/YuQu2QVoh1Ad5pWQlqTORopXJAiFaptHJ82BSOe9oKSJ2SLD0BF:NEAlA/YuQNNeUTORopXebptHJF4O7W1
MD5: 635E57FD7AEFFAF87F6242AF79F419AA
SHA1: BC727A929A778C395675BACCF281A803B4CAD4EF
SHA-256: 4A097314779F4D9CC594F40DB5509487AA4C2C8BDC58BC7230FCB183334BFD97
SHA-512: 69E5BEDB1925CFD5A2618C57C2F7DE82816183423B8F022614681511931B86A961FE02DB4F9FB94700981A0B8948E8A55DFCC60897462233DB819594D4DECEAD
Malicious: false
Antivirus:
• Metadefender, Detection: 0%
• ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j^...?...?...?....q.,?....r.o?....s.>?....w.!?...?...?....o.-?...../?....u./?....p./?..Rich.?..................PE..d...P..S.........."......l...........n.........@....................................z9....`.......... .........................................................l............p......@................................................................................text....j.......l.................. ..`.data................p..............@....pdata..l............t..............@..@.idata...............x..............@..@.rsrc...............................@..@.reloc.......p.......<..............@..B................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\detect_x86.exe
Process: C:\Users\user\AppData\Local\Temp\detection.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 78848
Entropy (8bit): 4.9059415705271885
Encrypted: false
SSDEEP: 768:w44f/8vj/BaTwqy4Sj5dED/bAzqYptHh82BSOe9oKSJ2SLD0BEZWkSiSbA:wHsvFaUY/khptHhF4O7W5iSbA
MD5: 42344B0A6F2941A402BF7AAC3893A6BA
SHA1: 713476D0AF007882639A8F703EE5CBCE34380293
SHA-256: F6971D84A1600EA51FD7508C4DA636BE8BF9EA406D472FC2D9E42B4AC58B77D8
SHA-512: 8C3BBB98507B963FB0F77C404CAAE78ADFDCFD132DF53985C9D8E9692FFC50744B19D52477C2701810A7967BD6E5ECF13AF912D2EFF47FC2CA68BD045C56D695
Malicious: false
Antivirus:
• Metadefender, Detection: 0%
• ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........nG.i...i...i..^....i..^....i..^....i..^....i...i..&i..^....i....~..i..^....i..^....i..Rich.i..........................PE..L...|..S.................^..........2b.......p....@..........................P.......r....@...... ...........................................................@..0... ...................................@............................................text...4\.......^.................. ..`.data...D....p.......b..............@....idata..h............d..............@..@.rsrc................t..............@..@.reloc..\....@.......$..............@..B................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\detection.exe
Process: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
File Type: MS-DOS executable, MZ for MS-DOS
Category: dropped
Size (bytes): 1165312
Entropy (8bit): 7.9946328993180025
Encrypted: true
SSDEEP: 24576:4AmTUWOc8w79cO634s6zyG2fzjTrqVHqOx:4B/OBVloswV2LjHzOx
MD5: 02BA1C44B6392F013A7AA0B91314F45A
SHA1: 724C1977101ECAE88E4F104A8422B64BFEC01A98
SHA-256: 7FBE59195F5F6F45C8B38B12488A169FDCB3A272004DBAF44C9D92A60A3690CB
SHA-512: 56BED935B028257E6EB485C555002F3E07E86788452CCA0E28786098CC9254A7462B777A7A46AE6594911A73D786A6D15DEE248F05A4C33A1BC749BE071BCC3D
Malicious: true
Antivirus:
• Metadefender, Detection: 10%
• ReversingLabs, Detection: 28%
Preview: MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....+.W.................d...$".......(...........@..........................0)......O........................................(.......(.l6............'.x/...`..............................0.(.....................@.(.@....0..T....................MPRESS1..(......~.......................MPRESS2X.....(..........................rsrc...l6....(..8..................@..............................................................................v2.19..n|.. ..........h../'.'...xN.r..^BT%.....6.sJ.F..n..L.U...RX.Tsb....^.y...zIw. .1..x.;T*.^#..#....cy..u....DW.....w.k.z._by..hp...YCJ..D(@....k~?...w..W...Ho0.*%e|L(...n...n..mR..<.;..#=UF"z..x=]..]..9..("#...~...okoQt.-...V2iZ.....0J..r..2UK5.Njz.Sx..Wr@..@(X..E..;.g...o.Z.D.~"....Ui...$`....UD6.v.....w ...J.....A...........L...1V.TE9...6....F......f./.......5...JX.kLg...R.a....+..X.51?...S...<G...".NNm.....m..wW'o'a....W..%.....:j!.=.#.-.,B..< ...G..w.\..~)V...
C:\Users\user\AppData\Local\Temp\interface.cmd
Process: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
File Type: DOS batch file, Non-ISO extended-ASCII text, with CRLF, NEL line terminators
Category: dropped
Size (bytes): 2669
Entropy (8bit): 5.137308062929335
Encrypted: false
SSDEEP: 48:A5SvrvPuel4uFaBRACQzqNuXl5bRTmlvy5BkdNN439kfOk0rn:A5SvzPJl4FRAPzGuV5bmvs84kfvgn
MD5: E0EB53551ACA2ACFF814DDD7ACA212E2
SHA1: EE825C865D5ABF244D6165EE838735F1BA05BFCB
SHA-256: 11993A03F68A33500A3CE8FBEB3E3C2042A28299D04F39EED40147709E76CA79
SHA-512: DDDE3D274B2EA8DA0D645F88BD6B340902DCA83E599BA0C7249953A7C1F2DD512F764802134A6EFA1F48CA6CAE23B78881569228F908DD0746ABE3C46E95A348
Malicious: false
Preview: @ECHO OFF..SETLOCAL....COLOR F0..MODE CON: COLS=76 LINES=15....SET "version=3.0.4"..::SET "version=%version% b.ta"....TITLE Mes Drivers %version%....SET "dossier=%TMP%\"....IF EXIST "%dossier%mes_drivers_update" (DEL /F "%dossier%mes_drivers_update")....VER | FINDSTR /I /R /C:"version 5\.[0-1]\." > NUL 2>&1..IF %ERRORLEVEL% EQU 0 (SET "waitfor=waitfor_x86.exe") ELSE (SET "waitfor=WAITFOR")....SET "titre=TousLesDrivers.com - Mes Drivers - %version%"..SET "message_1=Etape 1/4 - Recherche d'une nouvelle version de l'application..."..SET "message_2=Etape 2/4 - D.tection de la configuration syst.me..."..SET "message_3=Etape 3/4 - D.tection des composants mat.riels et des drivers install.s..."..SET "message_4=Etape 4/4 - Envoi des informations au serveur TousLesDrivers.com..."..SET "message_update_1=Cette version de l'application n'est plus . jour."..SET "message_update_2=T.l.chargez la derni.re version sur www.TousLesDrivers.com"..SET "message_error=Erreur fatale"..SET "message_attente=Merc
C:\Users\user\AppData\Local\Temp\interface.lnk
Process: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Jul 7 22:18:15 2021, mtime=Wed Jul 7 22:18:15 2021, atime=Wed Jul 7 22:18:15 2021, length=2669, window=hide
Category: dropped
Size (bytes): 1947
Entropy (8bit): 3.6394959900450687
Encrypted: false
SSDEEP: 24:8C2/kFJNMGAZREgKDbmM4m2yAfo8KYbOPYCTp7aB6m:8v/kF7AZR+6MXufo8vCEB6
MD5: 5A67FBC6C1C047B2548C6B2ADD486510
SHA1: 8A35A359AD9987D3B599FA00E502078D7D3E7431
SHA-256: 95D4DD8CE16C7F44BBE46DDCBE2A71F6D23A2D9B5E85CE7F8F234BF73AD767AE
SHA-512: B3BF54845F70811FF9CDBD8B66F988DA744EA0367BBF899E8BB1C53EC9BBE1195132594E0133576A771AD1DDEBCBB48264E9058648617E42E1CBFA012F02F36E
Malicious: false
Preview: L..................F.@.. ....q.\.s...q.\.s...q.\.s..m.........................:..DG..Yr?.D..U..k0.&...&...........-.....8...8p.].s......t...CFSF..1......NM...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......NM..RB......Y.....................R..A.p.p.D.a.t.a...B.P.1.....>Qbu..Local.<.......NM..RB......Y...................../..L.o.c.a.l.....N.1......RC...Temp..:.......NM..RC......Y......................A.T.e.m.p.....h.2.m....RH. .INTERF~1.CMD..L.......RH..RH.....:S....................,.n.i.n.t.e.r.f.a.c.e...c.m.d......._...............-.......^..............g.....C:\Users\user\AppData\Local\Temp\interface.cmd......\.i.n.t.e.r.f.a.c.e...c.m.d.#.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.-.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.D.e.s.k.t.o.p.\.M.e.s._.D.r.i.v.e.r.s._.3...0...4...e.x.e.........%USERPROFILE%\Desktop\Mes_Drivers_3.0.4.exe................................................................................................................................
C:\Users\user\AppData\Local\Temp\waitfor_x86.exe
Process: C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 38400
Entropy (8bit): 5.771125779123941
Encrypted: false
SSDEEP: 768:ZQ1aoTfPUGS21Rux8NVB/QA6I1uZXs8f0XUwpBq4pjC0uIr3HX:+1Tr8ovpQA6I1isiTEB8Ir33
MD5: DD8C73BDCF2077B82DBB6DDD8ECB6A6D
SHA1: 34D59EAFBC485052C5BD5C61697FCCC3D0878D5B
SHA-256: C3370E8EC5CA54E8FD7EAC19C278689CF122EDAC91FAA4376DC24B1D807FE510
SHA-512: 8E01822020C34B9F08BF01CB64FCCEBE03709797C4B2350C3E14DC174D2B8CD0A7D46A1108409DFEEFAFED13F30B8E217E55F6A47E791868EE60C14F774482D9
Malicious: false
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J..u...&...&...&...&...&..&...&...&g..&..&...&..&...&..&...&..&...&Rich...&................PE..L......>.................h...*......0%..............................................&\........... .......................... o..........8&..............................................................@...P........................................text....g.......h.................. ..`.data................l..............@....rsrc...8&.......(...n..............@..@.$.>X....$.>e....$.>o....$.>z....$.>.....$.>.....$.>.....$.>.....$.>.....$.>............KERNEL32.dll.NTDLL.DLL.msvcrt.dll.USER32.dll.NETAPI32.dll.WS2_32.dll.SHLWAPI.dll.MPR.dll.Secur32.dll.VERSION.dll................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\waitfor_x86_2.exe
Process: C:\Users\user\AppData\Local\Temp\detection.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 38400
Entropy (8bit): 5.771125779123941
Encrypted: false
SSDEEP: 768:ZQ1aoTfPUGS21Rux8NVB/QA6I1uZXs8f0XUwpBq4pjC0uIr3HX:+1Tr8ovpQA6I1isiTEB8Ir33
MD5: DD8C73BDCF2077B82DBB6DDD8ECB6A6D
SHA1: 34D59EAFBC485052C5BD5C61697FCCC3D0878D5B
SHA-256: C3370E8EC5CA54E8FD7EAC19C278689CF122EDAC91FAA4376DC24B1D807FE510
SHA-512: 8E01822020C34B9F08BF01CB64FCCEBE03709797C4B2350C3E14DC174D2B8CD0A7D46A1108409DFEEFAFED13F30B8E217E55F6A47E791868EE60C14F774482D9
Malicious: false
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J..u...&...&...&...&...&..&...&...&g..&..&...&..&...&..&...&..&...&Rich...&................PE..L......>.................h...*......0%..............................................&\........... .......................... o..........8&..............................................................@...P........................................text....g.......h.................. ..`.data................l..............@....rsrc...8&.......(...n..............@..@.$.>X....$.>e....$.>o....$.>z....$.>.....$.>.....$.>.....$.>.....$.>.....$.>............KERNEL32.dll.NTDLL.DLL.msvcrt.dll.USER32.dll.NETAPI32.dll.WS2_32.dll.SHLWAPI.dll.MPR.dll.Secur32.dll.VERSION.dll................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF085E27A7477E5391.TMP
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):37347
                                                                                                                                              Entropy (8bit):0.8254349064808411
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:kBqoxKYQ1Q5QSQnKQdKQVQnQBQSQ2y+89MVcKJQXs/M:kBqoxKYqGtYKyKKQuN5IM6XsU
                                                                                                                                              MD5:EDD41FC06BF8A21DCF9C4CA190C3CB72
                                                                                                                                              SHA1:6DF7968465B8388D4A7D5DFE7C694CBB1113C7BA
                                                                                                                                              SHA-256:4AB3F27326EC6714FEB54A5EAD1CA2A12537DC49D2186161F95D270847AF1893
                                                                                                                                              SHA-512:6CD58CC5465A598F3E793DC7C12EF83AE7830935404BE55F869A9F97A4106BFA91F2E404ECD513460BE9A305B31C905116F0AE153A7EB076C91DF5E5B3BBC892
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF64AAEB065551F5B2.TMP
                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12965
                                                                                                                                              Entropy (8bit):0.4181458623307724
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9loeI9loeY9lWeDKIkNkYKQII2:kBqoIejeVeGIkNkYTII2
                                                                                                                                              MD5:FDDB2C34C8D8854EC0A0B438C2836284
                                                                                                                                              SHA1:0BB28171D280454C46BF468AB91B27BE6C420C17
                                                                                                                                              SHA-256:BA4FCA736A2075E91B07B932523A8D2B141B8C5102E097882C2B1111EACEBB97
                                                                                                                                              SHA-512:EA5DFB8140252D67FB3D7FB46A59E8D85A5F378E4EE7A8956254F6173A077F84BF27018889A5BF204EDDE0C507973AE9134A5C574CE1F9CECD7E1C25B716D764
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Entropy (8bit):7.80639394183153
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.40%
                                                                                                                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                              • Windows Screen Saver (13104/52) 0.13%
                                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                              File name:Mes_Drivers_3.0.4.exe
                                                                                                                                              File size:1624440
                                                                                                                                              MD5:50a5e891da27e63d54e68511e48aa026
                                                                                                                                              SHA1:87073d85a7ba420b15c8bb9a9e4adc64db2bcfef
                                                                                                                                              SHA256:0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6
                                                                                                                                              SHA512:6df8811e3e1f6a4110ca3b7c498af13898b46962a30888879180b2f11dda24344a1de4807663d46dd86f7ea11855d08137980cc85fe71e688d082f2f79994909
                                                                                                                                              SSDEEP:24576:AfHFw5b9DOnFYrv+kjqipUompMEoNMDYSkbDknoI6JK+ZYtEi8ETtAM5B:sjFYrv+kjV45oeYSRnyJhOtEVcf5B
                                                                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                              File Icon

                                                                                                                                              Icon Hash:03894ca5a5c1e074

                                                                                                                                              Static PE Info

                                                                                                                                              General

                                                                                                                                              Entrypoint:0x45678c
                                                                                                                                              Entrypoint Section:.itext
                                                                                                                                              Digitally signed:true
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
                                                                                                                                              DLL Characteristics:
                                                                                                                                              Time Stamp:0x57D32BF4 [Fri Sep 9 21:39:00 2016 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:5
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:5
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:5
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:1d58845e01168b11e8fe1f814f39f398

                                                                                                                                              Authenticode Signature

                                                                                                                                              Signature Valid:true
                                                                                                                                              Signature Issuer:CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                              Error Number:0
Not Before: 11/30/2016 4:00:00 PM
Not After: 12/1/2017 3:59:59 PM
Subject Chain
• CN=Tous Les Drivers, OU=IT, O=Tous Les Drivers, STREET=75 avenue de Marseille, L=Vitrolles, S=Bouches-du-Rhône, PostalCode=13127, C=FR
                                                                                                                                              Version:3
                                                                                                                                              Thumbprint MD5:9FCA37DC296D67356D8D08964CD71785
                                                                                                                                              Thumbprint SHA-1:48171D12F1CC636CEC19B926648D3CA247711D48
                                                                                                                                              Thumbprint SHA-256:70833935EE77C609DAFC1CF8395D3E99A1D44ED204943FB57D375B1F3AFF8343
                                                                                                                                              Serial:4513E8E5C8BBB6D79305E44A01921076

                                                                                                                                              Entrypoint Preview

                                                                                                                                              Instruction
                                                                                                                                              push ebp
                                                                                                                                              mov ebp, esp
                                                                                                                                              mov ecx, 00000006h
                                                                                                                                              push 00000000h
                                                                                                                                              push 00000000h
                                                                                                                                              dec ecx
                                                                                                                                              jne 00007F3C4CAFFD3Bh
                                                                                                                                              push ecx
                                                                                                                                              push ebx
                                                                                                                                              push esi
                                                                                                                                              push edi
                                                                                                                                              mov eax, 00451AF0h
                                                                                                                                              call 00007F3C4CAB36E4h
                                                                                                                                              xor eax, eax
                                                                                                                                              push ebp
                                                                                                                                              push 00456C06h
                                                                                                                                              push dword ptr fs:[eax]
                                                                                                                                              mov dword ptr fs:[eax], esp
                                                                                                                                              xor eax, eax
                                                                                                                                              mov dword ptr [0045F080h], eax
                                                                                                                                              mov eax, dword ptr [00458934h]
                                                                                                                                              xor edx, edx
                                                                                                                                              mov dword ptr [eax], edx
                                                                                                                                              mov bl, 01h
                                                                                                                                              xor eax, eax
                                                                                                                                              push ebp
                                                                                                                                              push 00456801h
                                                                                                                                              push dword ptr fs:[eax]
                                                                                                                                              mov dword ptr fs:[eax], esp
                                                                                                                                              push 00456C24h
                                                                                                                                              push 0000000Ah
                                                                                                                                              mov ecx, dword ptr [00458A24h]
                                                                                                                                              mov ecx, dword ptr [ecx]
                                                                                                                                              mov dl, 01h
                                                                                                                                              mov eax, dword ptr [00433D40h]
                                                                                                                                              call 00007F3C4CAE6A4Bh
                                                                                                                                              mov dword ptr [0045F080h], eax
                                                                                                                                              xor eax, eax
                                                                                                                                              pop edx
                                                                                                                                              pop ecx
                                                                                                                                              pop ecx
                                                                                                                                              mov dword ptr fs:[eax], edx
                                                                                                                                              jmp 00007F3C4CAFFD58h
                                                                                                                                              jmp 00007F3C4CAAEF43h
                                                                                                                                              xor ebx, ebx
                                                                                                                                              mov eax, dword ptr [0045F080h]
                                                                                                                                              call 00007F3C4CAAE34Fh
                                                                                                                                              call 00007F3C4CAAF44Eh
                                                                                                                                              test bl, bl
                                                                                                                                              je 00007F3C4CB00102h
                                                                                                                                              mov dl, 01h
                                                                                                                                              mov eax, dword ptr [00450778h]
                                                                                                                                              call 00007F3C4CAF9D6Ah
                                                                                                                                              mov dword ptr [0045F078h], eax
                                                                                                                                              mov eax, dword ptr [0045F078h]
                                                                                                                                              mov byte ptr [eax+04h], 00000000h
                                                                                                                                              mov eax, dword ptr [0045F078h]
                                                                                                                                              mov byte ptr [eax+05h], 00000001h
                                                                                                                                              mov eax, dword ptr [0045F078h]
                                                                                                                                              add eax, 08h
                                                                                                                                              mov edx, 00456C44h
                                                                                                                                              call 00007F3C4CAAFF29h

                                                                                                                                              Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x60000          0x1486        .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x6e000          0x13029c      .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x189a00         0x2f78        .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x65000          0x0           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x64000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x6044c          0x30c         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x62000          0x154         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x54bac | 0x54c00 | False | 0.41686255531 | data | 6.34358551635 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.itext | 0x56000 | 0xcd0 | 0xe00 | False | 0.561383928571 | data | 5.76394574755 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0x57000 | 0x1c90 | 0x1e00 | False | 0.377213541667 | data | 3.91882656946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.bss | 0x59000 | 0x6098 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata | 0x60000 | 0x1486 | 0x1600 | False | 0.323686079545 | MIPSEB-LE MIPS-III ECOFF executable stripped - version 0.6 | 4.84798937347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.didata | 0x62000 | 0x154 | 0x200 | False | 0.30859375 | data | 2.41945210787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.tls | 0x63000 | 0x10 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata | 0x64000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.206920017787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x65000 | 0x80a8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x6e000 | 0x13029c | 0x130400 | False | 0.954636786154 | data | 7.98099551661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
TYPELIB | 0x6e420 | 0x204c | data | |
RT_ICON | 0x7046c | 0xca8 | data | |
RT_STRING | 0x71114 | 0x38 | data | |
RT_STRING | 0x7114c | 0x6f8 | data | |
RT_STRING | 0x71844 | 0x32c | data | |
RT_STRING | 0x71b70 | 0x388 | data | |
RT_STRING | 0x71ef8 | 0x3a4 | data | |
RT_STRING | 0x7229c | 0x148 | data | |
RT_STRING | 0x723e4 | 0xcc | data | |
RT_STRING | 0x724b0 | 0x204 | data | |
RT_STRING | 0x726b4 | 0x39c | data | |
RT_STRING | 0x72a50 | 0x368 | data | |
RT_STRING | 0x72db8 | 0x2b8 | data | |
RT_RCDATA | 0x73070 | 0x12acd2 | data | |
RT_GROUP_ICON | 0x19dd44 | 0x14 | data | |
RT_VERSION | 0x19dd58 | 0x33c | data | English | United States
RT_MANIFEST | 0x19e094 | 0x205 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States

Imports

DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | MessageBoxA, CharNextW, LoadStringW
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, lstrcpynW, VirtualQuery, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll | SetWindowLongW, GetWindowLongW, CreateWindowExW, UnregisterClassW, TranslateMessage, SetTimer, RegisterClassW, PostThreadMessageW, PeekMessageW, MessageBoxW, LoadStringW, KillTimer, GetSystemMetrics, GetClassInfoW, DispatchMessageW, DestroyWindow, DefWindowProcW, CharUpperBuffW, CharUpperW
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, SizeofResource, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, LockResource, LocalFree, LoadResource, LoadLibraryW, IsValidLocale, GetVersionExW, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetTempPathW, GetSystemDefaultLCID, GetStdHandle, GetShortPathNameW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumCalendarInfoW, DeleteFileW, CreateFileW, CreateEventW, CompareStringW, CloseHandle
advapi32.dll | RegSetValueExW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, DispGetIDsOfNames, RegisterTypeLib, LoadTypeLibEx, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SysFreeString
ole32.dll | CreateBindCtx, CoTaskMemFree, CLSIDFromProgID, StringFromCLSID, CoCreateInstance, CoLockObjectExternal, CoDisconnectObject, CoRevokeClassObject, CoRegisterClassObject, CoUninitialize, CoInitialize, IsEqualGUID
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
URLMON.DLL | MkParseDisplayNameEx
shell32.dll | SHGetSpecialFolderPathW

Version Infos

Description | Data
LegalCopyright | Copyright 2016 Tous Les Drivers - Tous droits réservés
InternalName |
FileVersion | 3. 0. 4. 0
CompanyName | Tous Les Drivers
LegalTrademarks |
Comments |
ProductName | Mes Drivers
ProductVersion | 3. 0. 4. 0
FileDescription | Mes Drivers
OriginalFilename |
Translation | 0x0409 0x04e4

Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

                                                                                                                                              Network Behavior

                                                                                                                                              Network Port Distribution

                                                                                                                                              TCP Packets

                                                                                                                                              Jul 7, 2021 16:19:38.805831909 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.805876970 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.805891991 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.805949926 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.806016922 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.806032896 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.864624023 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.864690065 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.864818096 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.864856005 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.955403090 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:38.956854105 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.012830019 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.012890100 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.012932062 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.012969017 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.013019085 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.013066053 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.013076067 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.013082981 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.014163017 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.014276981 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.033080101 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.036228895 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.042767048 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.043401957 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.064316034 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.070888042 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.070971012 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.071815968 CEST4973680192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.072887897 CEST4973580192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.076987028 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.077045918 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.077059031 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.092046022 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.092178106 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.092680931 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.094165087 CEST4434974046.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.094238043 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.094316959 CEST4434974146.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.094376087 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.095166922 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.095278978 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.109111071 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.109124899 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.109199047 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.111888885 CEST49747443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.112195015 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.112498999 CEST49748443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.123302937 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123343945 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123423100 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123492002 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123492956 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123543024 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123613119 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123661995 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123692036 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123764992 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123800039 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123881102 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123923063 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123944044 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.123971939 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.123996973 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.128546953 CEST804973685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.129535913 CEST804973585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.129595995 CEST4973580192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.130407095 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.130490065 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.134650946 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.134679079 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.134697914 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.134816885 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.134834051 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.136049986 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.138781071 CEST44349742142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.138911009 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.143981934 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.144078016 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.144285917 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.150017023 CEST44349747104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.150106907 CEST49747443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.150433064 CEST44349748104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.150526047 CEST49748443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.151854992 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.151978016 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.154125929 CEST49747443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.154328108 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.154793978 CEST49748443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.159707069 CEST4434974146.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.159754992 CEST4434974146.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.159774065 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.159789085 CEST4434974146.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.159832001 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.159913063 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.160054922 CEST4434974046.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.160094023 CEST4434974046.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.160113096 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.160123110 CEST4434974046.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.160135031 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.160176992 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.166234970 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.166347027 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.166840076 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.169418097 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.169464111 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.169511080 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.169531107 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.169550896 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.169594049 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.169725895 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.169774055 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.176146984 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.192126989 CEST44349747104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.192650080 CEST44349748104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.195235968 CEST44349747104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.195291042 CEST44349747104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.195374966 CEST49747443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.195415974 CEST49747443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.198626041 CEST44349748104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.198674917 CEST44349748104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.198733091 CEST49748443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.198767900 CEST49748443192.168.2.5104.26.7.39
                                                                                                                                              Jul 7, 2021 16:19:39.200979948 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.201093912 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.201118946 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.201191902 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.203461885 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.203917027 CEST49741443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.203991890 CEST49740443192.168.2.546.105.202.207
                                                                                                                                              Jul 7, 2021 16:19:39.204463005 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.208992004 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.343837023 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.343852997 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.344105959 CEST44349742142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.344176054 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.344214916 CEST44349742142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.344281912 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.345312119 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.345333099 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.345403910 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.345432043 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.345509052 CEST49752443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.345676899 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.347970963 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.348001003 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.348042965 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.348068953 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.348779917 CEST44349748104.26.7.39192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349522114 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349612951 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.349633932 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349708080 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349750996 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.349770069 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.349787951 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349807024 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.349848032 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.349865913 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.354562998 CEST44349742142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.354681969 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.355077028 CEST49742443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.357939959 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.358042955 CEST4434974146.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.359622955 CEST4434974046.105.202.207192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.359656096 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.359682083 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.359740019 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.359760046 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.361376047 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.361732006 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.361767054 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.361804008 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.361826897 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.363420010 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.363447905 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.363512039 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.363528013 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.363554001 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.363583088 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.365942955 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.365983009 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.366008043 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.366027117 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.367218971 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.367590904 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.367897034 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.367925882 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.367975950 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.368029118 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.376703978 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.390577078 CEST4434975235.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.390614033 CEST4434975235.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.390688896 CEST49752443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.390732050 CEST49752443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.391088963 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.391155005 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.391156912 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.391215086 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.391309023 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.391338110 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.391367912 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.391415119 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.392179966 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.392239094 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.392374039 CEST4434975235.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.392431974 CEST49752443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.394311905 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.394342899 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.394371033 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.394402027 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.394488096 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.394562006 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.395916939 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.395962000 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.395981073 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.396003962 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.398042917 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.398083925 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.398117065 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.398134947 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.415643930 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.415740013 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.415781021 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.415813923 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.419061899 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.419109106 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.419164896 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.419433117 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.428498030 CEST44349742142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.446114063 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.446391106 CEST49752443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.447035074 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.447299004 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.452513933 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.457726955 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.467885971 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.468384981 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.470079899 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.474009037 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.494616985 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.497900963 CEST4434975235.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.509768963 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.509819031 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.509896040 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.510694027 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.510745049 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.512459040 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.515224934 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.515266895 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.515388966 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.515484095 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.525211096 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.525253057 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.525324106 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.525347948 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.525471926 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.525543928 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.525592089 CEST4434973885.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.525650978 CEST49738443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.527179956 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.527215958 CEST4434974485.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.527261019 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.527287960 CEST49744443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.530983925 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.753706932 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.753762007 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.753799915 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.753829956 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.756140947 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.756184101 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.756277084 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.756311893 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.758495092 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.758541107 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.758616924 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.758861065 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.760576010 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.760632038 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.760695934 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.760751963 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.762680054 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.762722015 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.762777090 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.762794971 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.764699936 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.764751911 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.764771938 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.764821053 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.766712904 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.766767025 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.766773939 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.766809940 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.768733025 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.768771887 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.768783092 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.768829107 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.770693064 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.770737886 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.770746946 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.770787954 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.772651911 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.772700071 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.772701979 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.772758961 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.774715900 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.774759054 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.774768114 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.774802923 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.776673079 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.776719093 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.776734114 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.776756048 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.778690100 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.778753042 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.778776884 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.778830051 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.780616045 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.780673981 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.780679941 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.780721903 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.782649040 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.782716036 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.782716990 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.782777071 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.784594059 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.784636974 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.784651041 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.784676075 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.786571026 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.786612988 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.786619902 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.786655903 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.788589954 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.788646936 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.788666964 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.788696051 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.790564060 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.790611029 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.790640116 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.790673971 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.797460079 CEST49743443192.168.2.5142.250.180.226
                                                                                                                                              Jul 7, 2021 16:19:39.856065035 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.864707947 CEST44349743142.250.180.226192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.870138884 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.872438908 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.873493910 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.889971018 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.906217098 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.906265020 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.906328917 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.906399965 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.907972097 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.908005953 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.908093929 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.911485910 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.911520958 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.911602020 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.911644936 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.914834023 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.914865971 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.914942980 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.914977074 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.917860031 CEST49755443192.168.2.5216.58.214.194
                                                                                                                                              Jul 7, 2021 16:19:39.917876005 CEST49756443192.168.2.5216.58.214.194
                                                                                                                                              Jul 7, 2021 16:19:39.918345928 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.918386936 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.918432951 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.918508053 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.921781063 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.921823978 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.921881914 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.921926975 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.925332069 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.925395012 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.925493956 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.925537109 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.927503109 CEST4434973785.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.927634954 CEST49737443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.928698063 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.928742886 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.928791046 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.929033041 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.929397106 CEST4434974685.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.929475069 CEST49746443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.930401087 CEST4434974585.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.930488110 CEST49745443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.932137966 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.932188034 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.932226896 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.932256937 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.935612917 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.935739994 CEST49751443192.168.2.535.227.209.167
                                                                                                                                              Jul 7, 2021 16:19:39.947348118 CEST4434973985.31.204.81192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.947422028 CEST49739443192.168.2.585.31.204.81
                                                                                                                                              Jul 7, 2021 16:19:39.953587055 CEST4434975135.227.209.167192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.953618050 CEST4434975135.227.209.167192.168.2.5

                                                                                                                                              UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                              Jul 7, 2021 16:19:16.703607082 CEST5926153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:16.775482893 CEST53592618.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:22.148367882 CEST5715153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:22.204935074 CEST53571518.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:34.233503103 CEST5643253192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:34.289171934 CEST53564328.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:37.000659943 CEST6100453192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:37.056885958 CEST53610048.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:37.108648062 CEST5689553192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:37.166660070 CEST53568958.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.239557981 CEST6237253192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:38.311676025 CEST53623728.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:38.977114916 CEST6151553192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:38.982193947 CEST5667553192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.035197020 CEST5717253192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.036107063 CEST53615158.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.037107944 CEST53566758.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.077255011 CEST5526753192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.093420029 CEST53571728.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.131894112 CEST53552678.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.151463032 CEST5096953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.200596094 CEST53509698.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.450536013 CEST6436253192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.504690886 CEST53643628.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:39.846795082 CEST5476653192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:39.913527966 CEST53547668.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:51.669810057 CEST6144653192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:51.727696896 CEST53614468.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:19:54.833399057 CEST5751553192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:19:54.891074896 CEST53575158.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:06.822349072 CEST5819953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:06.877989054 CEST53581998.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:07.828789949 CEST5819953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:07.875370979 CEST53581998.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:07.896188974 CEST6522153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:07.945730925 CEST53652218.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:08.830646038 CEST5819953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:08.877408028 CEST53581998.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:08.892146111 CEST6522153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:08.949754000 CEST53652218.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:09.892213106 CEST6522153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:09.944355965 CEST53652218.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:10.847820044 CEST5819953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:10.897819042 CEST53581998.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:11.907320976 CEST6522153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:11.964919090 CEST53652218.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:14.845395088 CEST5819953192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:14.900710106 CEST53581998.8.8.8192.168.2.5
                                                                                                                                              Jul 7, 2021 16:20:15.923302889 CEST6522153192.168.2.58.8.8.8
                                                                                                                                              Jul 7, 2021 16:20:15.982098103 CEST53652218.8.8.8192.168.2.5

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 7, 2021 16:18:20.389908075 CEST | 192.168.2.5 | 8.8.8.8 | 0xbee | Standard query (0) | www.touslesdrivers.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:34.233503103 CEST | 192.168.2.5 | 8.8.8.8 | 0x6df | Standard query (0) | www.touslesdrivers.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:37.108648062 CEST | 192.168.2.5 | 8.8.8.8 | 0xf631 | Standard query (0) | www.touslesdrivers.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:38.239557981 CEST | 192.168.2.5 | 8.8.8.8 | 0x3ddd | Standard query (0) | www.touslesdrivers.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:38.977114916 CEST | 192.168.2.5 | 8.8.8.8 | 0x5a92 | Standard query (0) | ads.sportslocalmedia.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:38.982193947 CEST | 192.168.2.5 | 8.8.8.8 | 0x30ac | Standard query (0) | securepubads.g.doubleclick.net | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.035197020 CEST | 192.168.2.5 | 8.8.8.8 | 0xeafa | Standard query (0) | tags.smilewanted.com | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.151463032 CEST | 192.168.2.5 | 8.8.8.8 | 0x6328 | Standard query (0) | cdn.appconsent.io | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.846795082 CEST | 192.168.2.5 | 8.8.8.8 | 0xb80d | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 7, 2021 16:18:20.444008112 CEST | 8.8.8.8 | 192.168.2.5 | 0xbee | No error (0) | www.touslesdrivers.com | srv1.touslesdrivers.com | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:18:20.444008112 CEST | 8.8.8.8 | 192.168.2.5 | 0xbee | No error (0) | srv1.touslesdrivers.com | | 85.31.204.81 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:34.289171934 CEST | 8.8.8.8 | 192.168.2.5 | 0x6df | No error (0) | www.touslesdrivers.com | srv1.touslesdrivers.com | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:34.289171934 CEST | 8.8.8.8 | 192.168.2.5 | 0x6df | No error (0) | srv1.touslesdrivers.com | | 85.31.204.81 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:37.166660070 CEST | 8.8.8.8 | 192.168.2.5 | 0xf631 | No error (0) | www.touslesdrivers.com | srv1.touslesdrivers.com | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:37.166660070 CEST | 8.8.8.8 | 192.168.2.5 | 0xf631 | No error (0) | srv1.touslesdrivers.com | | 85.31.204.81 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:38.311676025 CEST | 8.8.8.8 | 192.168.2.5 | 0x3ddd | No error (0) | www.touslesdrivers.com | srv1.touslesdrivers.com | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:38.311676025 CEST | 8.8.8.8 | 192.168.2.5 | 0x3ddd | No error (0) | srv1.touslesdrivers.com | | 85.31.204.81 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.036107063 CEST | 8.8.8.8 | 192.168.2.5 | 0x5a92 | No error (0) | ads.sportslocalmedia.com | ads.sportslocalmedia.com.web.cdn.anycast.me | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:39.036107063 CEST | 8.8.8.8 | 192.168.2.5 | 0x5a92 | No error (0) | ads.sportslocalmedia.com.web.cdn.anycast.me | 46-105-202-207.any.cdn.anycast.me | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:39.036107063 CEST | 8.8.8.8 | 192.168.2.5 | 0x5a92 | No error (0) | 46-105-202-207.any.cdn.anycast.me | | 46.105.202.207 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.037107944 CEST | 8.8.8.8 | 192.168.2.5 | 0x30ac | No error (0) | securepubads.g.doubleclick.net | partnerad.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001)
Jul 7, 2021 16:19:39.037107944 CEST | 8.8.8.8 | 192.168.2.5 | 0x30ac | No error (0) | partnerad.l.doubleclick.net | | 142.250.180.226 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.093420029 CEST | 8.8.8.8 | 192.168.2.5 | 0xeafa | No error (0) | tags.smilewanted.com | | 104.26.7.39 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.093420029 CEST | 8.8.8.8 | 192.168.2.5 | 0xeafa | No error (0) | tags.smilewanted.com | | 172.67.71.185 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.093420029 CEST | 8.8.8.8 | 192.168.2.5 | 0xeafa | No error (0) | tags.smilewanted.com | | 104.26.6.39 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.200596094 CEST | 8.8.8.8 | 192.168.2.5 | 0x6328 | No error (0) | cdn.appconsent.io | | 35.227.209.167 | A (IP address) | IN (0x0001)
Jul 7, 2021 16:19:39.913527966 CEST | 8.8.8.8 | 192.168.2.5 | 0xb80d | No error (0) | googleads.g.doubleclick.net | | 216.58.214.194 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• www.touslesdrivers.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49735 | 85.31.204.81 | 80 | C:\Users\user\AppData\Local\Temp\curl_x64.exe

Timestamp | kBytes transferred | Direction | Data
Jul 7, 2021 16:19:38.407059908 CEST | 5945 | OUT | GET /index.php?v_page=31&v_id=8KVKWmfznwDbzahM HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.touslesdrivers.com
Connection: Keep-Alive
Jul 7, 2021 16:19:38.464884043 CEST | 5946 | IN | HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
Server: HTTP
X-Frame-Options: SAMEORIGIN
Date: Wed, 07 Jul 2021 14:19:35 GMT
Content-Length: 211
Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 64 c3 a9 70 6c 61 63 c3 a9 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 74 20 64 c3 a9 70 6c 61 63 c3 a9 3c 2f 68 31 3e 43 65 20 64 6f 63 75 6d 65 6e 74 20 70 65 75 74 20 c3 aa 74 72 65 20 63 6f 6e 73 75 6c 74 c3 a9 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 75 73 6c 65 73 64 72 69 76 65 72 73 2e 63 6f 6d 2f 69 6e 64 65 78 2e 70 68 70 3f 76 5f 70 61 67 65 3d 33 31 26 61 6d 70 3b 76 5f 69 64 3d 38 4b 56 4b 57 6d 66 7a 6e 77 44 62 7a 61 68 4d 22 3e 69 63 69 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
Data Ascii: <head><title>Document déplacé</title></head><body><h1>Objet déplacé</h1>Ce document peut être consulté <a HREF="https://www.touslesdrivers.com/index.php?v_page=31&amp;v_id=8KVKWmfznwDbzahM">ici</a></body>


HTTPS Packets

Timestamp | Source IP:Port -> Dest IP:Port, followed by the presented certificate chain (Subject, Issuer, Not Before, Not After per certificate), the JA3 SSL Client Fingerprint and the JA3 SSL Client Digest

Jul 7, 2021 16:19:39.159789085 CEST | 46.105.202.207:443 -> 192.168.2.5:49741
  Subject: CN=ads.slmads.com
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Fri May 21 17:28:17 CEST 2021 | Not After: Thu Aug 19 17:28:17 CEST 2021
  Subject: CN=R3, O=Let's Encrypt, C=US
    Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before: Wed Oct 07 21:21:40 CEST 2020 | Not After: Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.160123110 CEST | 46.105.202.207:443 -> 192.168.2.5:49740
  Subject: CN=ads.slmads.com
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Fri May 21 17:28:17 CEST 2021 | Not After: Thu Aug 19 17:28:17 CEST 2021
  Subject: CN=R3, O=Let's Encrypt, C=US
    Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before: Wed Oct 07 21:21:40 CEST 2020 | Not After: Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.195291042 CEST | 104.26.7.39:443 -> 192.168.2.5:49747
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
    Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
    Not Before: Tue Aug 18 02:00:00 CEST 2020 | Not After: Wed Aug 18 14:00:00 CEST 2021
  Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Not Before: Mon Jan 27 13:48:08 CET 2020 | Not After: Wed Jan 01 00:59:59 CET 2025
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.198674917 CEST | 104.26.7.39:443 -> 192.168.2.5:49748
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
    Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
    Not Before: Tue Aug 18 02:00:00 CEST 2020 | Not After: Wed Aug 18 14:00:00 CEST 2021
  Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Not Before: Mon Jan 27 13:48:08 CET 2020 | Not After: Wed Jan 01 00:59:59 CET 2025
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.224272966 CEST | 142.250.180.226:443 -> 192.168.2.5:49743
  Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
    Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
    Not Before: Tue Jun 22 15:35:18 CEST 2021 | Not After: Tue Sep 14 15:35:17 CEST 2021
  Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Not Before: Thu Jun 15 02:00:42 CEST 2017 | Not After: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.240375996 CEST | 142.250.180.226:443 -> 192.168.2.5:49742
  Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
    Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
    Not Before: Tue Jun 22 15:35:18 CEST 2021 | Not After: Tue Sep 14 15:35:17 CEST 2021
  Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Not Before: Thu Jun 15 02:00:42 CEST 2017 | Not After: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.332803965 CEST | 35.227.209.167:443 -> 192.168.2.5:49752
  Subject: CN=cdn.appconsent.io
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Wed May 26 12:09:31 CEST 2021 | Not After: Tue Aug 24 12:09:31 CEST 2021
  Subject: CN=R3, O=Let's Encrypt, C=US
    Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before: Wed Oct 07 21:21:40 CEST 2020 | Not After: Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:39.334471941 CEST | 35.227.209.167:443 -> 192.168.2.5:49751
  Subject: CN=cdn.appconsent.io
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Wed May 26 12:09:31 CEST 2021 | Not After: Tue Aug 24 12:09:31 CEST 2021
  Subject: CN=R3, O=Let's Encrypt, C=US
    Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before: Wed Oct 07 21:21:40 CEST 2020 | Not After: Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jul 7, 2021 16:19:40.067873001 CEST | 216.58.214.194:443 -> 192.168.2.5:49755
  Subject: CN=*.g.doubleclick.net
    Issuer: CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
    Not Before: Tue Jun 22 15:35:26 CEST 2021 | Not After: Tue Sep 14 15:35:25 CEST 2021
  Subject: CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
    Issuer: CN=GTS Root R1, O=Google Trust Services LLC, C=US
    Not Before: Thu Aug 13 02:00:42 CEST 2020 | Not After: Thu Sep 30 02:00:42 CEST 2027
  Subject: CN=GTS Root R1, O=Google Trust Services LLC, C=US
    Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
    Not Before: Fri Jun 19 02:00:42 CEST 2020 | Not After: Fri Jan 28 01:00:42 CET 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                              CN=GTS CA 1C3, O=Google Trust Services LLC, C=USCN=GTS Root R1, O=Google Trust Services LLC, C=USThu Aug 13 02:00:42 CEST 2020Thu Sep 30 02:00:42 CEST 2027
                                                                                                                                              CN=GTS Root R1, O=Google Trust Services LLC, C=USCN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEFri Jun 19 02:00:42 CEST 2020Fri Jan 28 01:00:42 CET 2028
                                                                                                                                              Jul 7, 2021 16:19:40.068058014 CEST216.58.214.194443192.168.2.549756CN=*.g.doubleclick.net CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=USCN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BETue Jun 22 15:35:26 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020Tue Sep 14 15:35:25 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                              CN=GTS CA 1C3, O=Google Trust Services LLC, C=USCN=GTS Root R1, O=Google Trust Services LLC, C=USThu Aug 13 02:00:42 CEST 2020Thu Sep 30 02:00:42 CEST 2027
                                                                                                                                              CN=GTS Root R1, O=Google Trust Services LLC, C=USCN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEFri Jun 19 02:00:42 CEST 2020Fri Jan 28 01:00:42 CET 2028
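
Every row above carries the same JA3 client fingerprint and digest, and each leaf certificate is shown with its validity window next to the capture time. The script below is an added example, not part of the Joe Sandbox report: it takes the values of the first row, recomputes the JA3 digest (MD5 of the fingerprint string, as the JA3 scheme defines it) and reports whether it matches the printed one, decodes the offered cipher suites and extensions using a name table taken from the IANA TLS registries (the table is my addition, limited to the numbers that occur in the row), and checks that the leaf certificate was inside its validity window when the connection was captured. Assumption: all timestamps are compared as naive local times, which is safe here only because every value carries the same CEST zone token.

```python
"""JA3 and certificate checks for one TLS row of the report above (added example)."""
import hashlib
import re
from datetime import datetime

# Values copied from the first TLS row (the *.g.doubleclick.net connection at 16:19:39).
CAPTURE_TIME = "Jul 7, 2021 16:19:39.224272966 CEST"
LEAF_NOT_BEFORE = "Tue Jun 22 15:35:18 CEST 2021"
LEAF_NOT_AFTER = "Tue Sep 14 15:35:17 CEST 2021"
JA3_STRING = ("771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-"
              "49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,"
              "29-23-24,0")
JA3_DIGEST = "9e10692f1b7f78228b2d4e424db3a98c"

# IANA names for the suites/extensions present in the row (lookup table added here).
CIPHER_NAMES = {
    10: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 47: "TLS_RSA_WITH_AES_128_CBC_SHA",
    53: "TLS_RSA_WITH_AES_256_CBC_SHA", 60: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    61: "TLS_RSA_WITH_AES_256_CBC_SHA256", 156: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    157: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    49161: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 49162: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    49171: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 49172: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    49187: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 49188: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    49191: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 49192: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    49195: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 49196: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    49199: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 49200: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
EXTENSION_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
                   13: "signature_algorithms", 16: "application_layer_protocol_negotiation",
                   23: "extended_master_secret", 24: "token_binding", 35: "session_ticket",
                   65281: "renegotiation_info"}


def parse_ja3(ja3):
    """Split a JA3 string into its five comma-separated, dash-joined integer fields."""
    version, ciphers, exts, curves, fmts = ja3.split(",")
    to_ints = lambda field: [int(x) for x in field.split("-")] if field else []
    return {"version": int(version), "ciphers": to_ints(ciphers), "extensions": to_ints(exts),
            "curves": to_ints(curves), "point_formats": to_ints(fmts)}


def ja3_digest(ja3):
    """JA3 digest = MD5 over the fingerprint string (MD5 is the scheme's choice, not a security hash)."""
    return hashlib.md5(ja3.encode("ascii")).hexdigest()


def parse_cert_date(text):
    """'Tue Jun 22 15:35:18 CEST 2021' -> naive datetime; weekday and zone token dropped."""
    m = re.fullmatch(r"\w{3} (\w{3}) (\d{1,2}) (\d\d:\d\d:\d\d) \w+ (\d{4})", text)
    return datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")


def parse_capture_time(text):
    """'Jul 7, 2021 16:19:39.224272966 CEST' -> naive datetime; fraction and zone dropped."""
    m = re.fullmatch(r"(\w{3}) (\d{1,2}), (\d{4}) (\d\d:\d\d:\d\d)\.\d+ \w+", text)
    return datetime.strptime(" ".join(m.groups()), "%b %d %Y %H:%M:%S")


def leaf_valid_when_seen(seen, not_before, not_after):
    """True if the capture time lies inside the leaf certificate's validity window."""
    t = parse_capture_time(seen)
    return parse_cert_date(not_before) <= t <= parse_cert_date(not_after)


def triage_client_hello(ja3, digest):
    """Facts an analyst reads off the fingerprint: digest consistency, SNI/ALPN, suite hygiene."""
    f = parse_ja3(ja3)
    names = [CIPHER_NAMES.get(c, f"unknown({c})") for c in f["ciphers"]]
    return {
        "digest_matches": ja3_digest(ja3) == digest,
        "tls_version": "TLS 1.2" if f["version"] == 771 else hex(f["version"]),
        "offers_sni": 0 in f["extensions"],
        "offers_alpn": 16 in f["extensions"],
        "pfs_preferred": names[0].startswith("TLS_ECDHE_"),
        "static_rsa_suites": [n for n in names if n.startswith("TLS_RSA_")],
        "cbc_suites": [n for n in names if "_CBC_" in n],
        "extensions": [EXTENSION_NAMES.get(e, e) for e in f["extensions"]],
    }


if __name__ == "__main__":
    print("leaf valid when seen:", leaf_valid_when_seen(CAPTURE_TIME, LEAF_NOT_BEFORE, LEAF_NOT_AFTER))
    for key, value in triage_client_hello(JA3_STRING, JA3_DIGEST).items():
        print(f"{key}: {value}")
```

The digest check matters because a JA3 value is only as useful as the string it was derived from: if the two disagree, the fingerprint table was edited or truncated and must not be used for matching against threat-intel lists. The suite listing shows that this client still offers seven static-RSA suites and 3DES, which is what one expects from a stock Windows 10 Schannel client hello rather than from an attacker-controlled TLS stack.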

Code Manipulations

Statistics

(Interactive charts: CPU Usage, Memory Usage, High Level Behavior Distribution, Behavior)

                                                                                                                                              System Behavior

                                                                                                                                              General

                                                                                                                                              Start time:16:18:14
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:'C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe'
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:1624440 bytes
                                                                                                                                              MD5 hash:50A5E891DA27E63D54E68511E48AA026
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.218185318.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                              Reputation:low

                                                                                                                                              General

                                                                                                                                              Start time:16:18:16
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:'C:\Windows\system32\cmd.exe' /C START '' 'C:\Users\user\AppData\Local\Temp\interface.lnk'
                                                                                                                                              Imagebase:0x150000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:16
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff7ecfc0000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:17
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detection.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detection.exe'
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:1165312 bytes
                                                                                                                                              MD5 hash:02BA1C44B6392F013A7AA0B91314F45A
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: webshell_asp_generic, Description: Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, Source: 00000004.00000003.399944667.00000000009B3000.00000004.00000001.sdmp, Author: Arnim Rupp
                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000004.00000003.225305782.000000007FA70000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000004.00000003.401509038.0000000002A78000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000004.00000003.401894830.00000000024D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                              Antivirus matches:
• Detection: 10%, Metadefender
                                                                                                                                              • Detection: 28%, ReversingLabs
                                                                                                                                              Reputation:low

                                                                                                                                              General

                                                                                                                                              Start time:16:18:17
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff7ecfc0000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:17
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\interface.cmd' '
                                                                                                                                              Imagebase:0x150000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:18
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff7ecfc0000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:18
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\mode.com
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:MODE CON: COLS=76 LINES=15
                                                                                                                                              Imagebase:0x7ff797770000
                                                                                                                                              File size:27648 bytes
                                                                                                                                              MD5 hash:D781CD6A6484C276A4D0750D9206A382
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:moderate

                                                                                                                                              General

                                                                                                                                              Start time:16:18:19
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /S /D /c' VER '
                                                                                                                                              Imagebase:0x150000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              General

                                                                                                                                              Start time:16:18:19
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:FINDSTR /I /R /C:'version 5\.[0-1]\.'
                                                                                                                                              Imagebase:0x11c0000
                                                                                                                                              File size:29696 bytes
                                                                                                                                              MD5 hash:8B534A7FC0630DE41BB1F98C882C19EC
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:moderate
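
The records above, together with the curl_x64.exe record that follows, form a chain that a detection engineer would want to query rather than read: a cmd.exe started with a shortcut from the user's Temp directory, a Delphi executable and a curl binary executing from that same directory, and a VER | FINDSTR pipeline whose pattern only matches Windows 5.0/5.1 version strings. The script below is an added example, not part of the Joe Sandbox report: it embeds the paths and command lines copied from these records (the report renders double quotes as single quotes, and that rendering is kept) and runs a small set of triage rules over them. Assumptions: parent/child links are not printed on the page, so the records are simply walked in start order; the two VER output lines used to exercise the FINDSTR pattern are constructed samples.

```python
"""Triage rules over the System Behavior process records (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Proc:
    start: str
    path: str
    cmdline: str


# Copied from the "General" records on the page; quoting kept as the report renders it.
PROCS = [
    Proc("16:18:14", r"C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe",
         r"'C:\Users\user\Desktop\Mes_Drivers_3.0.4.exe'"),
    Proc("16:18:16", r"C:\Windows\SysWOW64\cmd.exe",
         r"'C:\Windows\system32\cmd.exe' /C START '' 'C:\Users\user\AppData\Local\Temp\interface.lnk'"),
    Proc("16:18:16", r"C:\Windows\System32\conhost.exe",
         r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    Proc("16:18:17", r"C:\Users\user\AppData\Local\Temp\detection.exe",
         r"'C:\Users\user\AppData\Local\Temp\detection.exe'"),
    Proc("16:18:17", r"C:\Windows\SysWOW64\cmd.exe",
         r"C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\interface.cmd' '"),
    Proc("16:18:18", r"C:\Windows\SysWOW64\mode.com", "MODE CON: COLS=76 LINES=15"),
    Proc("16:18:19", r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\system32\cmd.exe /S /D /c' VER '"),
    Proc("16:18:19", r"C:\Windows\SysWOW64\findstr.exe", r"FINDSTR /I /R /C:'version 5\.[0-1]\.'"),
    Proc("16:18:20", r"C:\Users\user\AppData\Local\Temp\curl_x64.exe",
         r"'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 "
         r"--fail --silent --request GET "
         r"'https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4'"),
]

USER_TEMP = "\\appdata\\local\\temp\\"
# Python equivalent of the FINDSTR /I /R /C:"version 5\.[0-1]\." pattern from the record above.
VER_5X = re.compile(r"version 5\.[0-1]\.", re.I)
URL_RE = re.compile(r"https?://[^\s'\"]+")


def in_user_temp(path):
    return USER_TEMP in path.lower()


def ver_check_matches(ver_output):
    """What the VER | FINDSTR pipeline decides for one VER output line."""
    return VER_5X.search(ver_output) is not None


def rules(p):
    """Return the list of triage findings for one process record (empty list = nothing notable)."""
    hits = []
    low = p.cmdline.lower()
    image = p.path.lower().rsplit("\\", 1)[-1]
    if in_user_temp(p.path):
        hits.append("image executes from user Temp")
    if image == "cmd.exe" and re.search(re.escape(USER_TEMP) + r"[^'\" ]+\.(lnk|cmd|bat)", low):
        hits.append("cmd.exe runs a shortcut/script dropped in user Temp")
    if image == "findstr.exe" and "version 5" in low:
        hits.append("batch OS-version probe (VER | FINDSTR for Windows 5.0/5.1)")
    url = URL_RE.search(p.cmdline)
    if url and in_user_temp(p.path):
        hits.append(f"Temp-resident downloader contacts {urlsplit(url.group()).hostname}")
    return hits


def triage_all(procs):
    """Run the rules over every record, preserving the report's start order."""
    return [{"start": p.start, "image": p.path.rsplit("\\", 1)[-1], "hits": rules(p)}
            for p in procs]


if __name__ == "__main__":
    for r in triage_all(PROCS):
        if r["hits"]:
            print(r["start"], r["image"], "->", "; ".join(r["hits"]))
    # Constructed VER samples: the pattern fires on XP-era version strings only.
    print(ver_check_matches("Microsoft Windows XP [Version 5.1.2600]"))
    print(ver_check_matches("Microsoft Windows [Version 10.0.19042.1110]"))
```

Five of the nine records trip a rule; conhost.exe, mode.com and the bare VER cmd.exe do not, which is the point of keeping the rules narrow enough that normal console plumbing stays quiet. The FINDSTR pattern is a plain batch-file check for Windows 2000/XP kernels, so on the Windows 10 sandbox it returns no match and the script continues to the curl version query.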

                                                                                                                                              General

                                                                                                                                              Start time:16:18:20
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\curl_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request GET 'https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4'
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:860232 bytes
                                                                                                                                              MD5 hash:E80C8CB9887A7C9426D4E843DDDB8A44
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Antivirus matches:
                                                                                                                                              • Detection: 0%, Metadefender, Browse
                                                                                                                                              • Detection: 0%, ReversingLabs

                                                                                                                                              General

                                                                                                                                              Start time:16:18:20
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:WAITFOR unlock
                                                                                                                                              Imagebase:0x910000
                                                                                                                                              File size:32256 bytes
                                                                                                                                              MD5 hash:83E921720CA3BD03CF6BF5686E802C3D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:21
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:WAITFOR /S DESKTOP-716T771 /SI unlock
                                                                                                                                              Imagebase:0x910000
                                                                                                                                              File size:32256 bytes
                                                                                                                                              MD5 hash:83E921720CA3BD03CF6BF5686E802C3D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:28
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:SC query Winmgmt
                                                                                                                                              Imagebase:0xb60000
                                                                                                                                              File size:60928 bytes
                                                                                                                                              MD5 hash:24A3E2603E63BCB9695A2935D3B24695
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:30
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:WAITFOR /S DESKTOP-716T771 /SI unlock
                                                                                                                                              Imagebase:0x910000
                                                                                                                                              File size:32256 bytes
                                                                                                                                              MD5 hash:83E921720CA3BD03CF6BF5686E802C3D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:34
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detect_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detect_x64.exe' driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
                                                                                                                                              Imagebase:0x7ff7a7450000
                                                                                                                                              File size:82432 bytes
                                                                                                                                              MD5 hash:6A7EC375AF8BA2E87FF7F23497E9944E
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Antivirus matches:
                                                                                                                                              • Detection: 0%, Metadefender, Browse
                                                                                                                                              • Detection: 0%, ReversingLabs

                                                                                                                                              General

                                                                                                                                              Start time:16:18:34
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detect_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detect_x64.exe' drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
                                                                                                                                              Imagebase:0x7ff7a7450000
                                                                                                                                              File size:82432 bytes
                                                                                                                                              MD5 hash:6A7EC375AF8BA2E87FF7F23497E9944E
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:35
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detect_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detect_x64.exe' hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
                                                                                                                                              Imagebase:0x7ff7a7450000
                                                                                                                                              File size:82432 bytes
                                                                                                                                              MD5 hash:6A7EC375AF8BA2E87FF7F23497E9944E
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:35
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detect_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detect_x64.exe' stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
                                                                                                                                              Imagebase:0x7ff7a7450000
                                                                                                                                              File size:82432 bytes
                                                                                                                                              MD5 hash:6A7EC375AF8BA2E87FF7F23497E9944E
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:18:36
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\detect_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\detect_x64.exe' status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*
                                                                                                                                              Imagebase:0x7ff7a7450000
                                                                                                                                              File size:82432 bytes
                                                                                                                                              MD5 hash:6A7EC375AF8BA2E87FF7F23497E9944E
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:27
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:WAITFOR /S DESKTOP-716T771 /SI unlock
                                                                                                                                              Imagebase:0x910000
                                                                                                                                              File size:32256 bytes
                                                                                                                                              MD5 hash:83E921720CA3BD03CF6BF5686E802C3D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:32
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\aes_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\aes_x64.exe' -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o 'C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' -
                                                                                                                                              Imagebase:0x7ff697680000
                                                                                                                                              File size:155136 bytes
                                                                                                                                              MD5 hash:E5125D4651C008EBA61D9FD3ABD5AB31
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000024.00000000.386024517.00007FF697695000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\aes_x64.exe, Author: Joe Security
                                                                                                                                              Antivirus matches:
                                                                                                                                              • Detection: 0%, Metadefender, Browse
                                                                                                                                              • Detection: 0%, ReversingLabs

                                                                                                                                              General

                                                                                                                                              Start time:16:19:33
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\curl_x64.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Temp\curl_x64.exe' --connect-timeout 5 --max-time 20 --fail --silent --request POST --form 'v_configuration=<C:\Users\user\AppData\Local\Temp\8KVKWmfznwDbzahM\8KVKWmfznwDbzahM' 'https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=8KVKWmfznwDbzahM&v_version=3.0.4'
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:860232 bytes
                                                                                                                                              MD5 hash:E80C8CB9887A7C9426D4E843DDDB8A44
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:35
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:'C:\Windows\system32\cmd.exe' /C START '' 'http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM'
                                                                                                                                              Imagebase:0x150000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:35
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:WAITFOR /S DESKTOP-716T771 /SI unlock
                                                                                                                                              Imagebase:0x910000
                                                                                                                                              File size:32256 bytes
                                                                                                                                              MD5 hash:83E921720CA3BD03CF6BF5686E802C3D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:36
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' http://www.touslesdrivers.com/index.php?v_page=31&v_id=8KVKWmfznwDbzahM
                                                                                                                                              Imagebase:0x7ff69bf80000
                                                                                                                                              File size:823560 bytes
                                                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              General

                                                                                                                                              Start time:16:19:37
                                                                                                                                              Start date:07/07/2021
                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7120 CREDAT:17410 /prefetch:2
                                                                                                                                              Imagebase:0x1030000
                                                                                                                                              File size:822536 bytes
                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Disassembly

                                                                                                                                              Code Analysis


                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:4.7%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:7.5%
                                                                                                                                                Total number of Nodes:958
                                                                                                                                                Total number of Limit Nodes:29

                                                                                                                                                Graph

                                                                                                                                                execution_graph: interactive call-graph data (node identifiers and edge lists) not reproduced. Win32/COM APIs referenced by the graph nodes: GetModuleFileNameW, LoadLibraryW, LoadLibraryExW, FreeLibrary, GetModuleHandleW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, IsValidLocale, GetACP, EnterCriticalSection, LeaveCriticalSection, lstrcpynW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, FindFirstFileW, FindClose, GetFileAttributesW, CreateFileW, CloseHandle, DeleteFileW, RemoveDirectoryW, GetLongPathNameW, GetTempPathW, SHGetSpecialFolderPathW, GetLastError, SetLastError, SetErrorMode, GetCurrentThreadId, GetStdHandle, WriteFile, MessageBoxA, MessageBoxW, ExitProcess, TlsGetValue, GetVersionExW, FindResourceW, LoadResource, SizeofResource, LockResource, CreateEventW, SetTimer, KillTimer, GetClassInfoW, RegisterClassW, UnregisterClassW, CreateWindowExW, SetWindowLongW, VirtualAlloc, VirtualFree, VirtualQuery, Sleep, InterlockedExchange, CharUpperBuffW, CoInitialize, CoUninitialize, CoCreateInstance, CLSIDFromProgID, VariantInit, LoadTypeLibEx, SysAllocStringLen, SysReAllocStringLen, SysFreeString.
22525 4066a6 SysFreeString 22522->22525 22523->22521 22526 406638 22523->22526 22525->22524 22527 406654 22526->22527 22528 406644 SysAllocStringLen 22526->22528 22528->22526 22528->22527 22529 406810 22530 4066a0 22529->22530 22531 406818 SysAllocStringLen 22529->22531 22534 4066b4 22530->22534 22535 4066a6 SysFreeString 22530->22535 22532 406638 22531->22532 22533 406829 SysFreeString 22531->22533 22536 406654 22532->22536 22537 406644 SysAllocStringLen 22532->22537 22535->22534 22537->22532 22537->22536 22538 409fb0 22539 40a022 22538->22539 22540 409fc9 22538->22540 22558 404954 12 API calls 22540->22558 22542 409fd3 22559 404954 12 API calls 22542->22559 22544 409fdd 22560 404954 12 API calls 22544->22560 22546 409fe7 22561 408854 DeleteCriticalSection 22546->22561 22548 409fec 22549 409fff 22548->22549 22571 4044a0 12 API calls 22548->22571 22562 404418 22549->22562 22553 40667c 12 API calls 22554 40a00e 22553->22554 22555 40667c 12 API calls 22554->22555 22556 40a018 22555->22556 22557 40667c 12 API calls 22556->22557 22557->22539 22558->22542 22559->22544 22560->22546 22561->22548 22563 404421 CloseHandle 22562->22563 22564 404433 22562->22564 22563->22564 22565 404441 22564->22565 22578 403dfc VirtualQuery Sleep Sleep VirtualAlloc MessageBoxA 22564->22578 22566 404463 22565->22566 22567 40444a VirtualFree 22565->22567 22572 404368 22566->22572 22567->22566 22571->22549 22573 40438d 22572->22573 22574 40437b VirtualFree 22573->22574 22575 404391 22573->22575 22574->22573 22576 4043f7 VirtualFree 22575->22576 22577 40440d 22575->22577 22576->22575 22577->22553 22578->22565 22579 418934 22580 418942 22579->22580 22581 418963 CompareStringW 22580->22581 22582 448578 22583 448593 22582->22583 22608 448054 22583->22608 22587 4485d8 22588 44861a 22587->22588 22625 404d14 13 API calls 22587->22625 22592 448954 67 API calls 22588->22592 22590 4485f3 22626 41e548 65 API calls 22590->22626 22595 44862c 22592->22595 22593 448615 22627 405e5c 12 API calls 22593->22627 
22596 44867f 22595->22596 22628 404d14 13 API calls 22595->22628 22631 448190 67 API calls 22596->22631 22599 448658 22629 41e548 65 API calls 22599->22629 22600 44869c 22604 4486bf 22600->22604 22605 448954 67 API calls 22600->22605 22602 44867a 22630 405e5c 12 API calls 22602->22630 22606 4066b8 12 API calls 22604->22606 22605->22604 22607 4486fc 22606->22607 22610 44805d 22608->22610 22609 4480e0 22614 448954 67 API calls 22609->22614 22610->22609 22632 404d14 13 API calls 22610->22632 22612 4480b9 22633 41e548 65 API calls 22612->22633 22617 4480fc 22614->22617 22615 4480db 22634 405e5c 12 API calls 22615->22634 22635 447644 25 API calls 22617->22635 22619 448137 22620 4066b8 12 API calls 22619->22620 22621 448151 22620->22621 22622 406718 SysFreeString 22621->22622 22623 448166 22622->22623 22624 448190 67 API calls 22623->22624 22624->22587 22625->22590 22626->22593 22628->22599 22629->22602 22631->22600 22632->22612 22633->22615 22635->22619 22636 409f3c GetSystemInfo

Executed Functions

Control-flow Graph

C-Code - Quality: 69%
E0044C2B0(char __eax, void* __ebx, intOrPtr* __edx, void* __edi, char __esi) {
    char _v8;
    struct _WIN32_FIND_DATAW _v600;
    char _v604;
    char _v608;
    char _v612;
    void* _t58;
    intOrPtr* _t62;
    intOrPtr _t73;
    void* _t80;
    void* _t85;

    _t81 = __esi;
    _push(__esi);
    _v612 = 0;
    _v608 = 0;
    _v604 = 0;
    _t62 = __edx;
    _v8 = __eax;
    E0040673C(_v8);
    _push(_t85);
    _push(0x44c404);
    _push( *[fs:eax]);
     *[fs:eax] = _t85 + 0xfffffda0;
    if( *0x458918 == 0) {
        E00406658(_t62);
        while(1) {
            _t80 = FindFirstFileW(E004072B8(_v8),  &_v600);
            if(_t80 == 0xffffffff) {
                break;
            }
            _push(0x44c420);
            E0040734C( &_v604, 0x104,  &(_v600.cFileName));
            _push(_v604);
            _push( *_t62);
            E00407584(_t62, _t62, 3, _t80, _t81);
            E00419A74(_v8,  &_v608);
            E00406A80( &_v8, _v608);
            FindClose(_t80);
            _t81 = _v8;
            if(_t81 != 0) {
                _t81 =  *((intOrPtr*)(_t81 - 4));
            }
            if(_t81 > 2) {
                continue;
            } else {
                L8:
                if( *_t62 != 0) {
                    E00419AD4(_v8,  &_v612);
                    E004074FC(_t62,  *_t62, _v612);
                }
                L10:
                _pop(_t73);
                 *[fs:eax] = _t73;
                _push(0x44c40b);
                E004066B8( &_v612, 3);
                return E00406658( &_v8);
            }
        }
        E00406658(_t62);
        goto L8;
    }
    E00407424(_t62, 0, 0x105);
    _t58 =  *0x458918(E004072B8(_v8), E00406C18(_t62), 0x104); // executed
    E00407424(_t62, 0, _t58);
    goto L10;
}

APIs
• GetLongPathNameW.KERNELBASE(00000000,00000000,00000104), ref: 0044C316
• FindFirstFileW.KERNEL32(00000000,?,00000000,0044C404), ref: 0044C341
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: FileFindFirstLongNamePath
• String ID:
• API String ID: 1502323026-0
• Opcode ID: 719a6e42e559144f637aca422b1d939e339a9b974acb50b6df4450421440a699
• Instruction ID: 03565896c61021fb2ee898d3b4fd61a94f003fc0cb4358114dae8133a6d1d5c8
• Opcode Fuzzy Hash: 719a6e42e559144f637aca422b1d939e339a9b974acb50b6df4450421440a699
• Instruction Fuzzy Hash: 7A31E330A052589FDB10EF69CC8669DB3B9AB44304F1044BEF809B3392DB38AE459A59
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 73%
			// Locale-dependent file lookup (inferred from the code and the APIs listed below):
			// builds a name from the abbreviated language name of the user's UI language plus the
			// string passed in __eax, and probes for it with E004093DC (FindFirstFileW). The
			// 3-letter abbreviation is tried first, then the 2-letter one; if neither file exists
			// the output string is cleared.
			E00409514(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;        // caller-supplied string, second half of the probed name
				short _v12;      // WCHAR index 2 of the locale buffer; zeroing it truncates "ENU" to "EN"
				void* _v16;      // locale buffer: together with _v12, the 4 WCHARs GetLocaleInfoW is given (cchData = 4)
				char _v20;       // candidate name, 3-letter form
				char _v24;       // candidate name, 2-letter form
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;             // out-parameter: receives the chosen file name
				_v8 = __eax;
				E0040673C(_v8);           // runtime string reference helper (inferred)
				_push(_t61);
				_push(0x4095d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;   // install the exception/finally frame
				_t21 =  &_v16;
				L00402834();              // GetUserDefaultUILanguage, ref 00409546 in the APIs list
				// First argument is the LANGID just returned in eax (the decompiler shows the stale
				// &_v16 here); LCType 3 is LOCALE_SABBREVLANGNAME, e.g. "ENU" for en-US.
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040734C( &_v20, 4,  &_v16);        // _v20 = string built from the 4-WCHAR buffer (inferred)
				E004074FC(_t44, _v20, _v8);          // *_t44 = _v20 + _v8, concatenation in the order shown (inferred)
				_t29 = E004093DC( *_t44, _t44); // executed   -- does the 3-letter candidate exist?
				if(_t29 == 0) {
					_v12 = 0;                        // truncate the abbreviation to 2 characters
					E0040734C( &_v24, 4,  &_v16);
					E004074FC(_t44, _v24, _v8);
					_t40 = E004093DC( *_t44, _t44); // executed   -- does the 2-letter candidate exist?
					if(_t40 == 0) {
						E00406658(_t44);             // neither found: clear the output string
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;                   // restore the exception frame
				_push(E004095DB);
				E004066B8( &_v24, 2);                // release the two temporary strings
				return E00406658( &_v8);
			}

Disassembly listing (addresses only): 0x0040951a - 0x004095d3

APIs
• GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,004095D4,?,?), ref: 00409546
• GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,004095D4,?,?), ref: 0040954F
  • Part of subcall function 004093DC: FindFirstFileW.KERNEL32(00000000,?,00000000,0040943A,?,00000001), ref: 0040940F
  • Part of subcall function 004093DC: FindClose.KERNEL32(00000000,00000000,?,00000000,0040943A,?,00000001), ref: 0040941F
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
• String ID:
• API String ID: 3216391948-0
• Opcode ID: a5435af2690ed83d03cafef96d5c95a9a92018838943695a9f89185b5a8808e4
• Instruction ID: 15de35645d8bf70296df6676663de938cef6acefe7a400a34489ff6f15f698f6
• Opcode Fuzzy Hash: a5435af2690ed83d03cafef96d5c95a9a92018838943695a9f89185b5a8808e4
• Instruction Fuzzy Hash: 26117570A041099BDB04FB96C992AADB3B9EF48304F51447EB904F33D2DB786E04C669
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 46%
			// File-existence probe: FindFirstFileW on the given path, handle closed immediately.
			// Nothing is read from the file; the only result is the boolean
			// (handle != INVALID_HANDLE_VALUE) returned in bl, which the decompiler renders
			// through the __ebx mask in the condition below.
			E004093DC(char __eax, signed int __ebx) {
				char _v8;                          // path string (argument)
				struct _WIN32_FIND_DATAW _v600;    // output of FindFirstFileW, discarded
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E0040673C(_v8);                    // runtime string reference helper (inferred)
				_push(_t27);
				_push(0x40943a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;    // install the exception/finally frame
				_t15 = FindFirstFileW(E004072B8(_v8),  &_v600); // executed   -- E004072B8: string to PWideChar (inferred)
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {   // found: release the search handle
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;                 // restore the exception frame
				_push(E00409441);
				return E00406658( &_v8);
			}

Disassembly listing (addresses only): 0x004093e5 - 0x00409439

APIs
• FindFirstFileW.KERNEL32(00000000,?,00000000,0040943A,?,00000001), ref: 0040940F
• FindClose.KERNEL32(00000000,00000000,?,00000000,0040943A,?,00000001), ref: 0040941F
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 7e8eb0037a2d4fec462e2177786a459ad80c2f456b19d1e266322cde48af5052
• Instruction ID: df8ede975d1abec706a8734cf00eaa5cc95f46cf04a3a9bd0aebc18cf1da01ee
• Opcode Fuzzy Hash: 7e8eb0037a2d4fec462e2177786a459ad80c2f456b19d1e266322cde48af5052
• Instruction Fuzzy Hash: 04F0E230548204AEC711FB75CD1284EB3ECEB08318BA105BBB404F32D2E73C9E109518
Uniqueness
Uniqueness Score: -1.00%
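The two routines above (E00409514 and E004093DC) together implement a locale-keyed file lookup with a 3-letter/2-letter fallback. The following is an added example, not code from the sample or from the Joe Sandbox report, that reimplements that logic in portable C so the probe order can be checked offline. Function names are hypothetical; the Win32 calls (GetUserDefaultUILanguage, GetLocaleInfoW, FindFirstFileW/FindClose) are replaced by a caller-supplied existence callback; the concatenation order (abbreviation first, then the caller's string) is assumed from the decompiled argument order; and the directory listing in demo_pick is constructed.

```c
/* Added example, not code from the sample or from the report: clean
 * reimplementation of the lookup seen in E00409514 / E004093DC.
 * All names are hypothetical. The Win32 probes are replaced by a callback
 * so the fallback order can be exercised on any platform. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for E004093DC: returns 1 if FindFirstFileW would not give
 * INVALID_HANDLE_VALUE for path (nothing is read, handle closed at once). */
typedef int (*exists_fn)(const char *path, void *ctx);

/* Build "<abbrev truncated to n chars><suffix>" into out. Returns 0 on truncation. */
static int build_name(const char *abbrev, size_t n, const char *suffix,
                      char *out, size_t outlen)
{
    size_t len = strlen(abbrev);
    if (len > n)
        len = n;
    int w = snprintf(out, outlen, "%.*s%s", (int)len, abbrev, suffix);
    return w >= 0 && (size_t)w < outlen;
}

/* Stand-in for E00409514. abbrev is what GetLocaleInfoW(LOCALE_SABBREVLANGNAME)
 * returned (three letters such as "ENU"). The sample probes the 3-letter form,
 * then truncates the buffer to 2 characters (_v12 = 0) and probes again, and
 * clears the output if neither exists. Order "abbreviation + suffix" is an
 * assumption taken from the decompiled argument order. Returns 1 if found. */
int pick_language_file(const char *abbrev, const char *suffix,
                       exists_fn exists, void *ctx, char *out, size_t outlen)
{
    static const size_t tries[] = {3, 2};
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        if (build_name(abbrev, tries[i], suffix, out, outlen) && exists(out, ctx))
            return 1;
    }
    if (outlen)
        out[0] = '\0';   /* E00406658(_t44): output becomes the empty string */
    return 0;
}

/* Case-insensitive compare: FindFirstFileW on NTFS/FAT ignores case. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Constructed stand-in for the directory: ctx is a NULL-terminated name list. */
int list_exists(const char *path, void *ctx)
{
    for (const char **p = (const char **)ctx; *p; p++)
        if (ieq(path, *p))
            return 1;
    return 0;
}

/* Demo over a constructed listing; returns the chosen name ("" if none). */
const char *demo_pick(const char *abbrev)
{
    static const char *dir[] = {"deu.lng", "fr.lng", "readme.txt", NULL}; /* constructed */
    static char buf[64];
    pick_language_file(abbrev, ".lng", list_exists, dir, buf, sizeof buf);
    return buf;
}

int main(void)
{
    const char *probes[] = {"DEU", "FRA", "ENU"};
    for (size_t i = 0; i < 3; i++)
        printf("%s -> \"%s\"\n", probes[i], demo_pick(probes[i]));
    return 0;
}
```

With the constructed listing, "DEU" resolves on the first probe, "FRA" falls back to "FR.lng" because only the 2-letter form is present, and "ENU" yields the empty string, which is the path E00409514 takes when it calls E00406658 on its out-parameter. For triage the practical point is that the file name probed depends on the user's UI language, so a sandbox run under a locale other than the target's can exercise a different branch than a victim machine would.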

APIs
• CoCreateInstance.OLE32(00000001,00000000,00000005,00448B94,00000000,00000000,00448AFF,?,00000000,00448B84,?,?,02406F00,?), ref: 00448AEB
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 542301482-0
                                                                                                                                                • Opcode ID: 751b9ffea23bdc3304942ecf797a50bbc05d7172f2c5f1da137a34141f1a1ef6
                                                                                                                                                • Instruction ID: 070b467c0c326727bd3fef0887191de0a453da5b4f1d3c01d230b045e4e7357b
                                                                                                                                                • Opcode Fuzzy Hash: 751b9ffea23bdc3304942ecf797a50bbc05d7172f2c5f1da137a34141f1a1ef6
                                                                                                                                                • Instruction Fuzzy Hash: 6401F7B06087446EE705DF659C53D6E7BACE749B14F62487FF400E26C1EA3C59108418
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                • Opcode ID: 892a1458177ddbc30532e121afcf2d17a31201bd759466eadc3da6d18afdee03
                                                                                                                                                • Instruction ID: 5f2b6cd9aeb78cadd0574cbfd4c8ed5f84073c06ef25e4bb75ab62456a1477af
                                                                                                                                                • Opcode Fuzzy Hash: 892a1458177ddbc30532e121afcf2d17a31201bd759466eadc3da6d18afdee03
                                                                                                                                                • Instruction Fuzzy Hash: 72A012148084010BC40CB7194D4340B31801940214FC40325785CA62C2E619856402EF
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 78%
// Added annotation (not part of the decompiler output): this routine is consistent with the
// Delphi RTL's GetLocaleOverride helper. It takes the module path passed in EAX (or the
// process image path from GetModuleFileNameW when none is given) and looks up a per-executable
// locale override value under the Embarcadero, CodeGear and Borland "Locales" registry keys,
// trying HKEY_CURRENT_USER (0x80000001) and HKEY_LOCAL_MACHINE (0x80000002). This is standard
// Delphi runtime start-up code rather than behaviour specific to this sample.
E0040900C(char __eax, void* __ebx, void* __edx) {
	char _v8;
	char* _v12;
	void* _v16;
	int _v20;
	short _v542;
	long _t51;
	long _t85;
	long _t87;
	long _t89;
	long _t91;
	long _t93;
	void* _t97;
	intOrPtr _t103;
	intOrPtr _t105;
	void* _t109;
	void* _t110;
	intOrPtr _t111;

	_t109 = _t110;
	_t111 = _t110 + 0xfffffde4;
	_t97 = __edx;
	_v8 = __eax;
	E0040673C(_v8);
	_push(_t109);
	_push(0x409231);
	_push( *[fs:eax]);
	 *[fs:eax] = _t111;
	if(_v8 != 0) {
		lstrcpynW( &_v542, E004072B8(_v8), 0x105);
	} else {
		GetModuleFileNameW(0,  &_v542, 0x105);
	}
	if(_v542 == 0) {
		L18:
		_pop(_t103);
		 *[fs:eax] = _t103;
		_push(E00409238);
		return E00406658( &_v8);
	} else {
		_v12 = 0;
		_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
		if(_t51 == 0) {
			L10:
			_push(_t109);
			_push(0x409214);
			_push( *[fs:eax]);
			 *[fs:eax] = _t111;
			E00408E18( &_v542, 0x105);
			if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
				if(RegQueryValueExW(_v16, E00409324, 0, 0, 0,  &_v20) == 0) {
					_v12 = E00404484(_v20);
					RegQueryValueExW(_v16, E00409324, 0, 0, _v12,  &_v20);
					E00407310(_t97, _v12);
				}
			} else {
				_v12 = E00404484(_v20);
				RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
				E00407310(_t97, _v12);
			}
			_pop(_t105);
			 *[fs:eax] = _t105;
			_push(E0040921B);
			if(_v12 != 0) {
				E004044A0(_v12);
			}
			return RegCloseKey(_v16);
		} else {
			_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
			if(_t85 == 0) {
				goto L10;
			} else {
				_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
				if(_t87 == 0) {
					goto L10;
				} else {
					_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t89 == 0) {
						goto L10;
					} else {
						_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t91 == 0) {
							goto L10;
						} else {
							_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t93 != 0) {
								goto L18;
							} else {
								goto L10;
							}
						}
					}
				}
			}
		}
	}
}

Instruction addresses shown in the side column of the listing above (one per decompiled statement, in listing order):
0x0040900d 0x0040900f 0x00409016 0x00409018 0x0040901e 0x00409025 0x00409026 0x0040902b 0x0040902e 0x00409035
0x00409061 0x00409037 0x00409045 0x00409045 0x0040906e 0x0040921b 0x0040921d 0x00409220 0x00409223 0x00409230
0x00409074 0x00409076 0x0040908e 0x00409095 0x00409135 0x00409137 0x00409138 0x0040913d 0x00409140 0x0040914e
0x0040916f 0x004091be 0x004091c8 0x004091e0 0x004091ea 0x004091ea 0x00409171 0x00409179 0x00409193 0x0040919d
0x0040919d 0x004091f1 0x004091f4 0x004091f7 0x00409200 0x00409205 0x00409205 0x00409213 0x0040909b 0x004090b0
0x004090b7
                                                                                                                                                0x00000000
                                                                                                                                                0x004090b9
                                                                                                                                                0x004090ce
                                                                                                                                                0x004090d5
                                                                                                                                                0x00000000
                                                                                                                                                0x004090d7
                                                                                                                                                0x004090ec
                                                                                                                                                0x004090f3
                                                                                                                                                0x00000000
                                                                                                                                                0x004090f5
                                                                                                                                                0x0040910a
                                                                                                                                                0x00409111
                                                                                                                                                0x00000000
                                                                                                                                                0x00409113
                                                                                                                                                0x00409128
                                                                                                                                                0x0040912f
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040912f
                                                                                                                                                0x00409111
                                                                                                                                                0x004090f3
                                                                                                                                                0x004090d5
                                                                                                                                                0x004090b7
                                                                                                                                                0x00409095

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,00409231,?,?), ref: 00409045
                                                                                                                                                • lstrcpynW.KERNEL32(?,00000000,00000105,00000000,00409231,?,?), ref: 00409061
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409231,?,?), ref: 0040908E
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409231), ref: 004090B0
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?), ref: 004090CE
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 004090EC
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040910A
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00409128
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00409214,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000), ref: 00409168
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,00409214,?,80000001), ref: 00409193
                                                                                                                                                • RegCloseKey.ADVAPI32(?,0040921B,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,00409214,?,80000001,Software\Embarcadero\Locales), ref: 0040920E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Open$QueryValue$CloseFileModuleNamelstrcpyn
                                                                                                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                                • API String ID: 512384800-3496071916
                                                                                                                                                • Opcode ID: 40437729ae3c15a0b5a19c8fd79b494f63d2dc7b32d8a7f9a91b2aa39fbf7d76
                                                                                                                                                • Instruction ID: 3fe3941f57f47c9320a46739c2cf5f27722e9435ff5171952647e5bc01f72933
                                                                                                                                                • Opcode Fuzzy Hash: 40437729ae3c15a0b5a19c8fd79b494f63d2dc7b32d8a7f9a91b2aa39fbf7d76
                                                                                                                                                • Instruction Fuzzy Hash: D351F675B4020DBEEB10EA95CD46FAE73BC9B48704F5045BBBA04F61C3D6B8EE408659
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                				char _v24;
                                                                                                                                                				char _v28;
                                                                                                                                                				char _v32;
                                                                                                                                                				char _v36;
                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                				char _v44;
                                                                                                                                                				char _v48;
                                                                                                                                                				char _v52;
                                                                                                                                                				char _v56;
                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                				signed int _t96;
                                                                                                                                                				void* _t105;
                                                                                                                                                				intOrPtr _t107;
                                                                                                                                                				intOrPtr* _t110;
                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                				intOrPtr* _t119;
                                                                                                                                                				void* _t125;
                                                                                                                                                				void* _t177;
                                                                                                                                                				intOrPtr* _t178;
                                                                                                                                                				intOrPtr _t193;
                                                                                                                                                				intOrPtr _t207;
                                                                                                                                                				intOrPtr _t208;
                                                                                                                                                				intOrPtr* _t232;
                                                                                                                                                				intOrPtr _t235;
                                                                                                                                                				intOrPtr* _t236;
                                                                                                                                                				intOrPtr _t241;
                                                                                                                                                				intOrPtr _t249;
                                                                                                                                                				intOrPtr _t254;
                                                                                                                                                				intOrPtr _t255;
                                                                                                                                                
                                                                                                                                                				_t269 = __fp0;
                                                                                                                                                				_t252 = __esi;
                                                                                                                                                				_t251 = __edi;
                                                                                                                                                				_t254 = _t255;
                                                                                                                                                				_t177 = 6;
                                                                                                                                                				do {
                                                                                                                                                					_push(0);
                                                                                                                                                					_push(0);
                                                                                                                                                					_t177 = _t177 - 1;
                                                                                                                                                				} while (_t177 != 0);
                                                                                                                                                				_push(_t177);
                                                                                                                                                				_push(__ebx);
                                                                                                                                                				_push(__esi);
                                                                                                                                                				_push(__edi);
                                                                                                                                                				E0040A148(0x451af0);
                                                                                                                                                				_push(_t254);
                                                                                                                                                				_push(0x456c06);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t255;
                                                                                                                                                				 *0x45f080 = 0;
                                                                                                                                                				_t44 =  *0x458934; // 0x457000
                                                                                                                                                				 *_t44 = 0;
                                                                                                                                                				_push(_t254);
                                                                                                                                                				_push(0x456801);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t255;
                                                                                                                                                				_t178 =  *0x458a24; // 0x45903c
                                                                                                                                                				 *0x45f080 = E0043D4F8( *_t178, 1, 0xa, L"RC_SCRIPT");
                                                                                                                                                				_pop(_t207);
                                                                                                                                                				 *[fs:eax] = _t207;
                                                                                                                                                				if(1 == 0) {
                                                                                                                                                					__eflags = 0;
                                                                                                                                                					_pop(_t208);
                                                                                                                                                					 *[fs:eax] = _t208;
                                                                                                                                                					_push(0x456c0d);
                                                                                                                                                					E00406658( &_v56);
                                                                                                                                                					E004066A0( &_v52);
                                                                                                                                                					return E004066B8( &_v48, 6);
                                                                                                                                                				} else {
                                                                                                                                                					 *0x45f078 = E00450850(1);
                                                                                                                                                					 *((char*)( *0x45f078 + 4)) = 0;
                                                                                                                                                					 *((char*)( *0x45f078 + 5)) = 1;
                                                                                                                                                					E00406A38( *0x45f078 + 8, L"ScriptCryptor");
                                                                                                                                                					 *0x45f088 = E0043CB80(1);
                                                                                                                                                					 *0x45f07c = E00404DEC(1);
                                                                                                                                                					 *[fs:edx] = _t255;
                                                                                                                                                					E004509A8( *0x45f078, 1,  *0x45f080, __edi, __esi, 1, __fp0); // executed
                                                                                                                                                					E004508D4( *0x45f078,  *0x45f07c, L"SCRIPT", __edi, _t254);
                                                                                                                                                					E00407424(0x45f084,  *0x45f07c, E00407E34( *((intOrPtr*)( *((intOrPtr*)( *0x45f07c))))( *[fs:edx], 0x456bd1, _t254),  *((intOrPtr*)( *0x45f07c)), 2, 0));
                                                                                                                                                					E00406C18(0x45f084);
                                                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *0x45f07c)) + 0xc))( *((intOrPtr*)( *((intOrPtr*)( *0x45f07c))))());
                                                                                                                                                					E0043D3BC( *0x45f07c);
                                                                                                                                                					E004508D4( *0x45f078,  *0x45f07c, L"DATASECTION", __edi, _t254);
                                                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *0x45f07c)) + 0x14))();
					 *((intOrPtr*)( *((intOrPtr*)( *0x45f07c)) + 0xc))();
					E0043D3BC( *0x45f07c);
					_t92 =  *0x45eff0; // 0x0
					E00451994(_t92,  &_v28, __esi);
					E00406A38(0x45f090, _v28);
					_t96 =  *0x45f090;
					if(_t96 != 0) {
						_t96 =  *(_t96 - 4);
					}
					if( *((short*)( *0x45f090 + _t96 * 2 - 2)) != 0x5c) {
						E004074A4(0x45f090, 0x456cac);
					}
					E004508D4( *0x45f078,  *0x45f07c, L"RESOURCES", _t251, _t254);
					_t175 =  *((intOrPtr*)( *0x45f07c));
					 *((intOrPtr*)( *((intOrPtr*)( *0x45f07c)) + 0x14))();
					 *((intOrPtr*)( *((intOrPtr*)( *0x45f088)) + 0x70))();
					_t105 =  *((intOrPtr*)( *((intOrPtr*)( *0x45f088)) + 0x14))() - 1;
					if(_t105 >= 0) {
						_v24 = _t105 + 1;
						 *0x45f08c = 0;
						do {
							E0043D3BC( *0x45f07c);
							E004191A0( *0x45f08c,  &_v32);
							E004508D4( *0x45f078,  *0x45f07c, _v32, _t251, _t254);
							 *[fs:eax] = _t255;
							_t175 =  *((intOrPtr*)( *0x45f088));
							 *((intOrPtr*)( *((intOrPtr*)( *0x45f088)) + 0xc))( *[fs:eax], 0x456a3f, _t254);
							E004074FC( &_v36, _v40,  *0x45f090);
							E0043D338( *0x45f07c,  *((intOrPtr*)( *0x45f088)), _v36, _t251); // executed
							_pop(_t249);
							 *[fs:eax] = _t249;
							 *0x45f08c =  &( *0x45f08c->i);
							_t22 =  &_v24;
							 *_t22 = _v24 - 1;
						} while ( *_t22 != 0);
					}
					_t264 =  *0x45efe8 - 0x8000;
					if( *0x45efe8 == 0x8000) {
						E00409E88(0x45198c,  &_v44, _t254, 0x30);
						E00409E88(0x451984,  &_v48, _t254, E004072B8(_v44));
						MessageBoxW(0, E004072B8(_v48), ??, ??);
					}
					L0040AF10(); // executed
					_t107 = E00450080(_t175, 0, 1, _t251, _t252, _t269);
					_t232 =  *0x458c3c; // 0x45dffc
					 *_t232 = _t107;
					E0040739C( &_v52,  *0x45f084);
					_t110 =  *0x458c3c; // 0x45dffc
					_t193 =  *0x45efec; // 0x0, executed
					E0044FF4C( *_t110, _t175, _t193, _v52, _t251, _t252, _t264); // executed
					_t235 = 0;
					 *[fs:eax] = _t235;
					_t114 =  *0x458c3c; // 0x45dffc
					E00404E1C( *_t114); // executed
					L0040AF18(); // executed
					E00406658(0x45f084);
					_t119 =  *0x458994; // 0x45e004
					_t236 =  *0x458934; // 0x457000
					 *_t236 =  *_t119;
					E00404E1C( *0x45f07c);
					_t125 =  *((intOrPtr*)( *((intOrPtr*)( *0x45f088)) + 0x14))(E00456BDB) - 1;
					if(_t125 >= 0) {
						_v24 = _t125 + 1;
						 *0x45f08c = 0;
						do {
							 *((intOrPtr*)( *((intOrPtr*)( *0x45f088)) + 0xc))(0x456cac,  *0x45f090);
							_push(_v56);
							E00407584(0x45f094,  *((intOrPtr*)( *0x45f088)), 3, _t251, _t252);
							if(E004197E4( *0x45f094, 1) != 0) {
								_push(_t254);
								_push(0x456b9d);
								_push( *[fs:eax]);
								 *[fs:eax] = _t255;
								E0041987C( *0x45f094);
								_pop(_t241);
								 *[fs:eax] = _t241;
							}
							 *0x45f08c =  &( *0x45f08c->i);
							_t35 =  &_v24;
							 *_t35 = _v24 - 1;
						} while ( *_t35 != 0);
					}
					E00404E1C( *0x45f088);
					E00404E1C( *0x45f080);
					return E00404E1C( *0x45f078);
				}
			}

                                                                                                                                                0x0045678c
                                                                                                                                                0x0045678c
                                                                                                                                                0x0045678c
                                                                                                                                                0x0045678d
                                                                                                                                                0x0045678f
                                                                                                                                                0x00456794
                                                                                                                                                0x00456794
                                                                                                                                                0x00456796
                                                                                                                                                0x00456798
                                                                                                                                                0x00456798
                                                                                                                                                0x0045679b
                                                                                                                                                0x0045679c
                                                                                                                                                0x0045679d
                                                                                                                                                0x0045679e
                                                                                                                                                0x004567a4
                                                                                                                                                0x004567ab
                                                                                                                                                0x004567ac
                                                                                                                                                0x004567b1
                                                                                                                                                0x004567b4
                                                                                                                                                0x004567b9
                                                                                                                                                0x004567be
                                                                                                                                                0x004567c5
                                                                                                                                                0x004567cb
                                                                                                                                                0x004567cc
                                                                                                                                                0x004567d1
                                                                                                                                                0x004567d4
                                                                                                                                                0x004567de
                                                                                                                                                0x004567f2
                                                                                                                                                0x004567f9
                                                                                                                                                0x004567fc
                                                                                                                                                0x00456819
                                                                                                                                                0x00456bdb
                                                                                                                                                0x00456bdd
                                                                                                                                                0x00456be0
                                                                                                                                                0x00456be3
                                                                                                                                                0x00456beb
                                                                                                                                                0x00456bf3
                                                                                                                                                0x00456c05
                                                                                                                                                0x0045681f
                                                                                                                                                0x0045682b
                                                                                                                                                0x00456835
                                                                                                                                                0x0045683e
                                                                                                                                                0x0045684f
                                                                                                                                                0x00456860
                                                                                                                                                0x00456871
                                                                                                                                                0x00456881
                                                                                                                                                0x0045688f
                                                                                                                                                0x004568a4
                                                                                                                                                0x004568c2
                                                                                                                                                0x004568d6
                                                                                                                                                0x004568e5
                                                                                                                                                0x004568ed
                                                                                                                                                0x00456902
                                                                                                                                                0x00456912
                                                                                                                                                0x00456926
                                                                                                                                                0x0045692e
                                                                                                                                                0x00456936
                                                                                                                                                0x0045693b
                                                                                                                                                0x00456948
                                                                                                                                                0x0045694d
                                                                                                                                                0x00456954
                                                                                                                                                0x00456959
                                                                                                                                                0x00456959
                                                                                                                                                0x00456967
                                                                                                                                                0x00456973
                                                                                                                                                0x00456973
                                                                                                                                                0x00456988
                                                                                                                                                0x00456996
                                                                                                                                                0x00456998
                                                                                                                                                0x004569a8
                                                                                                                                                0x004569b5
                                                                                                                                                0x004569b8
                                                                                                                                                0x004569bf
                                                                                                                                                0x004569c2
                                                                                                                                                0x004569cc
                                                                                                                                                0x004569d1
                                                                                                                                                0x004569de
                                                                                                                                                0x004569f1
                                                                                                                                                0x00456a01
                                                                                                                                                0x00456a12
                                                                                                                                                0x00456a14
                                                                                                                                                0x00456a23
                                                                                                                                                0x00456a30
                                                                                                                                                0x00456a37
                                                                                                                                                0x00456a3a
                                                                                                                                                0x00456a49
                                                                                                                                                0x00456a4f
                                                                                                                                                0x00456a4f
                                                                                                                                                0x00456a4f
                                                                                                                                                0x004569cc
                                                                                                                                                0x00456a58
                                                                                                                                                0x00456a62
                                                                                                                                                0x00456a6e
                                                                                                                                                0x00456a84
                                                                                                                                                0x00456a94
                                                                                                                                                0x00456a94
                                                                                                                                                0x00456a9b
                                                                                                                                                0x00456aa9
                                                                                                                                                0x00456aae
                                                                                                                                                0x00456ab4
                                                                                                                                                0x00456abf
                                                                                                                                                0x00456ac7
                                                                                                                                                0x00456ace
                                                                                                                                                0x00456ad4
                                                                                                                                                0x00456adb
                                                                                                                                                0x00456ade
                                                                                                                                                0x00456ae6

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @;C$DATASECTION$RC_SCRIPT$RESOURCES$SCRIPT$ScriptCryptor$E
                                                                                                                                                • API String ID: 0-2664652100
                                                                                                                                                • Opcode ID: 2d750c1a77a12e1201c25858602e52bdfd2979582e60773e9754ce4ea13ca4a4
                                                                                                                                                • Instruction ID: da2bf4732cbb172941c49c2c10c94de97c893611fe876b108c48ffb1cd4c56f4
                                                                                                                                                • Opcode Fuzzy Hash: 2d750c1a77a12e1201c25858602e52bdfd2979582e60773e9754ce4ea13ca4a4
                                                                                                                                                • Instruction Fuzzy Hash: E6C13E74601600CFD700EF65E891A5A77F1EB49716B55807AFC04EB3A3DA39EC09CB6A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 151 403394-4033a3 152 4033a9-4033ad 151->152 153 40348c-40348f 151->153 154 403410-403419 152->154 155 4033af-4033b6 152->155 156 403495-40349f 153->156 157 40357c-403580 153->157 154->155 164 40341b-403424 154->164 158 4033e4-4033e6 155->158 159 4033b8-4033c3 155->159 160 403450-40345d 156->160 161 4034a1-4034ad 156->161 162 403586-40358b 157->162 163 402e1c-402e41 call 402d70 157->163 172 4033e8-4033f9 158->172 173 4033fb 158->173 168 4033c5-4033ca 159->168 169 4033cc-4033e1 159->169 160->161 166 40345f-403468 160->166 170 4034e4-4034f2 161->170 171 4034af-4034b2 161->171 182 402e43-402e52 VirtualFree 163->182 183 402e5d-402e64 163->183 164->154 165 403426-40343a Sleep 164->165 165->155 176 403440-40344b Sleep 165->176 166->160 177 40346a-40347e Sleep 166->177 174 4034f4-4034f9 call 402bec 170->174 175 4034b6-4034ba 170->175 171->175 172->173 179 4033fe-40340b 172->179 173->179 174->175 184 4034fc-403509 175->184 185 4034bc-4034c2 175->185 176->154 177->161 181 403480-403487 Sleep 177->181 179->156 181->160 188 402e54-402e56 182->188 189 402e58-402e5b 182->189 192 402e66-402e82 VirtualQuery VirtualFree 183->192 184->185 187 40350b-403512 call 402bec 184->187 190 403514-40351e 185->190 191 4034c4-4034e2 call 402c2c 185->191 187->185 196 402e97-402e99 188->196 189->196 194 403520-403548 VirtualFree 190->194 195 40354c-403579 call 402c8c 190->195 198 402e84-402e87 192->198 199 402e89-402e8f 192->199 201 402e9b-402eab 196->201 202 402eae-402ebe 196->202 198->196 199->196 200 402e91-402e95 199->200 200->192 201->202
                                                                                                                                                 C-Code - Quality: 91%
                                                                                                                                                 Analyst note: this routine is not sample-specific logic but the FreeMem entry point of the Delphi RTL memory manager (the FastMM-derived allocator in System.pas). The tests on the 4-byte header at __eax - 4 dispatch on the block-type flags (1 = free, 2 = medium, 4 = large; on a large block, flag 8 marks it as segmented). The large-block path reads the 16-byte large-block header at __eax - 0x10 (previous, next, user size, size+flags), releases the block with VirtualFree(MEM_RELEASE), walking the regions returned by VirtualQuery when the block is segmented, and on success unlinks the header from the doubly-linked large-block list before clearing the lock byte at 0x45baf8. The small-block path acquires the block type's lock with lock cmpxchg, spins on pause, and falls back to Sleep(0) and then Sleep(10) unless the flag at 0x459909 (the RTL's NeverSleepOnMMThreadContention switch) is set. The VirtualFree and Sleep calls seen here are therefore runtime heap management, not evasion or unpacking behaviour. The strings ScriptCryptor, RC_SCRIPT, DATASECTION, RESOURCES and SCRIPT in this memory region are the more relevant indicator: they are consistent with a script-to-EXE wrapper (ScriptCryptor), so the embedded script, not this allocator code, is where the sample's own behaviour should be looked for.
                                                                                                                                                			E00403394(void* __eax, signed int __edi, void* __ebp) {
                                                                                                                                                				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                                                				void* _v48;
                                                                                                                                                				signed int __ebx;
                                                                                                                                                				void* _t58;
                                                                                                                                                				signed int _t61;
                                                                                                                                                				int _t65;
                                                                                                                                                				signed int _t67;
                                                                                                                                                				void _t70;
                                                                                                                                                				int _t71;
                                                                                                                                                				signed int _t78;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed int _t81;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				signed int _t87;
                                                                                                                                                				signed int _t88;
                                                                                                                                                				signed int _t89;
                                                                                                                                                				signed int _t92;
                                                                                                                                                				void* _t96;
                                                                                                                                                				signed int _t99;
                                                                                                                                                				void* _t103;
                                                                                                                                                				intOrPtr _t104;
                                                                                                                                                				void* _t106;
                                                                                                                                                				void* _t108;
                                                                                                                                                				signed int _t113;
                                                                                                                                                				void* _t115;
                                                                                                                                                				void* _t116;
                                                                                                                                                
                                                                                                                                                				_t56 = __eax;
                                                                                                                                                				_t89 =  *(__eax - 4);
                                                                                                                                                				_t78 =  *0x459059; // 0x1
                                                                                                                                                				if((_t89 & 0x00000007) != 0) {
                                                                                                                                                					__eflags = _t89 & 0x00000005;
                                                                                                                                                					if((_t89 & 0x00000005) != 0) {
                                                                                                                                                						_pop(_t78);
                                                                                                                                                						__eflags = _t89 & 0x00000003;
                                                                                                                                                						if((_t89 & 0x00000003) == 0) {
                                                                                                                                                							_push(_t78);
                                                                                                                                                							_push(__edi);
                                                                                                                                                							_t116 = _t115 + 0xffffffdc;
                                                                                                                                                							_t103 = __eax - 0x10;
                                                                                                                                                							E00402D70();
                                                                                                                                                							_t58 = _t103;
                                                                                                                                                							 *_t116 =  *_t58;
                                                                                                                                                							_v48 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                                							_t92 =  *(_t58 + 0xc);
                                                                                                                                                							if((_t92 & 0x00000008) != 0) {
                                                                                                                                                								_t79 = _t103;
                                                                                                                                                								_t113 = _t92 & 0xfffffff0;
                                                                                                                                                								_t99 = 0;
                                                                                                                                                								__eflags = 0;
                                                                                                                                                								while(1) {
                                                                                                                                                									VirtualQuery(_t79,  &_v44, 0x1c);
                                                                                                                                                									_t61 = VirtualFree(_t79, 0, 0x8000);
                                                                                                                                                									__eflags = _t61;
                                                                                                                                                									if(_t61 == 0) {
                                                                                                                                                										_t99 = _t99 | 0xffffffff;
                                                                                                                                                										goto L10;
                                                                                                                                                									}
                                                                                                                                                									_t104 = _v44.RegionSize;
                                                                                                                                                									__eflags = _t113 - _t104;
                                                                                                                                                									if(_t113 > _t104) {
                                                                                                                                                										_t113 = _t113 - _t104;
                                                                                                                                                										_t79 = _t79 + _t104;
                                                                                                                                                										continue;
                                                                                                                                                									}
                                                                                                                                                									goto L10;
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
                                                                                                                                                								if(_t65 == 0) {
                                                                                                                                                									_t99 = __edi | 0xffffffff;
                                                                                                                                                								} else {
                                                                                                                                                									_t99 = 0;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							L10:
                                                                                                                                                							if(_t99 == 0) {
                                                                                                                                                								 *_v48 =  *_t116;
                                                                                                                                                								 *( *_t116 + 4) = _v48;
                                                                                                                                                							}
                                                                                                                                                							 *0x45baf8 = 0;
                                                                                                                                                							return _t99;
                                                                                                                                                						} else {
                                                                                                                                                							return 0xffffffff;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						goto L31;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					__eflags = __bl;
                                                                                                                                                					__ebx =  *__edx;
                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                						while(1) {
                                                                                                                                                							__eax = 0x100;
                                                                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                								goto L14;
                                                                                                                                                							}
                                                                                                                                                							asm("pause");
                                                                                                                                                							__eflags =  *0x459909;
                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                								continue;
                                                                                                                                                							} else {
                                                                                                                                                								Sleep(0);
                                                                                                                                                								__edx = __edx;
                                                                                                                                                								__ecx = __ecx;
                                                                                                                                                								__eax = 0x100;
                                                                                                                                                								asm("lock cmpxchg [ebx], ah");
                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                									Sleep(0xa);
                                                                                                                                                									__edx = __edx;
                                                                                                                                                									__ecx = __ecx;
                                                                                                                                                									continue;
                                                                                                                                                								}
                                                                                                                                                							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x459059; // 0x1
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x459a68], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x459909;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x459a68], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00402BEC(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00402BEC(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x459a70 - 0x13ffe0;
							if( *0x459a70 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00402C8C(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x459a70 = 0x13ffe0;
								 *0x459a6c = _t82;
								 *0x459a68 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x459a68 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00402C2C(_t106, _t88, _t81);
							 *0x459a68 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}
                                                                                                                                                0x00403449
                                                                                                                                                0x0040344a
                                                                                                                                                0x00000000
                                                                                                                                                0x0040344a
                                                                                                                                                0x0040343a
                                                                                                                                                0x00000000
                                                                                                                                                0x00403424
                                                                                                                                                0x00403410
                                                                                                                                                0x004033af
                                                                                                                                                0x004033af
                                                                                                                                                0x004033af
                                                                                                                                                0x004033af
                                                                                                                                                0x004033b3
                                                                                                                                                0x004033b6
                                                                                                                                                0x004033e4
                                                                                                                                                0x004033e6
                                                                                                                                                0x004033fb
                                                                                                                                                0x004033fb
                                                                                                                                                0x004033e8
                                                                                                                                                0x004033e8
                                                                                                                                                0x004033eb
                                                                                                                                                0x004033ee
                                                                                                                                                0x004033f1
                                                                                                                                                0x004033f4
                                                                                                                                                0x004033f6
                                                                                                                                                0x004033f9
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004033f9
                                                                                                                                                0x004033fe
                                                                                                                                                0x00403400
                                                                                                                                                0x00403402
                                                                                                                                                0x00403405
                                                                                                                                                0x00403495
                                                                                                                                                0x00403498
                                                                                                                                                0x0040349a
                                                                                                                                                0x0040349c
                                                                                                                                                0x0040349d
                                                                                                                                                0x0040349f
                                                                                                                                                0x00403450
                                                                                                                                                0x00403450
                                                                                                                                                0x00403455
                                                                                                                                                0x0040345d
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040345f
                                                                                                                                                0x00403461
                                                                                                                                                0x00403468
                                                                                                                                                0x00000000
                                                                                                                                                0x0040346a
                                                                                                                                                0x0040346c
                                                                                                                                                0x00403471
                                                                                                                                                0x00403476
                                                                                                                                                0x0040347e
                                                                                                                                                0x00403482
                                                                                                                                                0x00000000
                                                                                                                                                0x00403482
                                                                                                                                                0x0040347e
                                                                                                                                                0x00000000
                                                                                                                                                0x00403468
                                                                                                                                                0x00403450
                                                                                                                                                0x004034a1
                                                                                                                                                0x004034a1
                                                                                                                                                0x004034a9
                                                                                                                                                0x004034ad
                                                                                                                                                0x004034e4
                                                                                                                                                0x004034e7
                                                                                                                                                0x004034ea
                                                                                                                                                0x004034ec
                                                                                                                                                0x004034f2
                                                                                                                                                0x004034f4
                                                                                                                                                0x004034f4
                                                                                                                                                0x004034af
                                                                                                                                                0x004034af
                                                                                                                                                0x004034af
                                                                                                                                                0x004034b2
                                                                                                                                                0x004034b2
                                                                                                                                                0x004034b6
                                                                                                                                                0x004034ba
                                                                                                                                                0x004034fc
                                                                                                                                                0x004034ff
                                                                                                                                                0x00403501
                                                                                                                                                0x00403503
                                                                                                                                                0x00403509
                                                                                                                                                0x0040350d
                                                                                                                                                0x0040350d
                                                                                                                                                0x00403509
                                                                                                                                                0x004034bc
                                                                                                                                                0x004034c2
                                                                                                                                                0x00403514
                                                                                                                                                0x0040351e
                                                                                                                                                0x0040354c
                                                                                                                                                0x00403552
                                                                                                                                                0x00403557
                                                                                                                                                0x0040355e
                                                                                                                                                0x00403568
                                                                                                                                                0x0040356e
                                                                                                                                                0x00403575
                                                                                                                                                0x00403579
                                                                                                                                                0x00403520
                                                                                                                                                0x00403520
                                                                                                                                                0x00403523
                                                                                                                                                0x00403525
                                                                                                                                                0x00403528
                                                                                                                                                0x0040352b
                                                                                                                                                0x0040352d
                                                                                                                                                0x0040353c
                                                                                                                                                0x00403541
                                                                                                                                                0x00403544
                                                                                                                                                0x00403548
                                                                                                                                                0x00403548
                                                                                                                                                0x004034c4
                                                                                                                                                0x004034c7
                                                                                                                                                0x004034ca
                                                                                                                                                0x004034d2
                                                                                                                                                0x004034d7
                                                                                                                                                0x004034de
                                                                                                                                                0x004034e2
                                                                                                                                                0x004034e2
                                                                                                                                                0x004033b8
                                                                                                                                                0x004033b8
                                                                                                                                                0x004033ba
                                                                                                                                                0x004033c0
                                                                                                                                                0x004033c3
                                                                                                                                                0x004033cc
                                                                                                                                                0x004033cf
                                                                                                                                                0x004033d2
                                                                                                                                                0x004033d5
                                                                                                                                                0x004033d8
                                                                                                                                                0x004033db
                                                                                                                                                0x004033de
                                                                                                                                                0x004033de
                                                                                                                                                0x004033e0
                                                                                                                                                0x004033e1
                                                                                                                                                0x004033c5
                                                                                                                                                0x004033c5
                                                                                                                                                0x004033c5
                                                                                                                                                0x004033c7
                                                                                                                                                0x004033c9
                                                                                                                                                0x004033ca
                                                                                                                                                0x004033ca
                                                                                                                                                0x004033c3
                                                                                                                                                0x004033b6

APIs
• Sleep.KERNEL32(00000000,?,?,00000000,00403004), ref: 0040342A
• Sleep.KERNEL32(0000000A,00000000,?,?,00000000,00403004), ref: 00403444
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 1f2cec3eac059ec38d5e17fb2b22deeea1f6f599f6dd72b35cc95fa5b72d0dc4
• Instruction ID: 66123f26551aabb46aa94c06002db9d6505f91c33f21a60575db6f87d8aa7c3c
• Opcode Fuzzy Hash: 1f2cec3eac059ec38d5e17fb2b22deeea1f6f599f6dd72b35cc95fa5b72d0dc4
• Instruction Fuzzy Hash: 707120716043108FE712CF29CD88B16BBD8AB85315F1882BFE844AB3D2D6B8CD45C799
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                			E00403010(signed int __eax) {
                                                                                                                                                				signed int __ebx;
                                                                                                                                                				signed int __edi;
                                                                                                                                                				signed int __esi;
                                                                                                                                                				void* _t96;
                                                                                                                                                				void** _t99;
                                                                                                                                                				signed int _t104;
                                                                                                                                                				signed int _t109;
                                                                                                                                                				signed int _t110;
                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                				void* _t116;
                                                                                                                                                				void* _t121;
                                                                                                                                                				signed int _t125;
                                                                                                                                                				signed int _t129;
                                                                                                                                                				signed int _t131;
                                                                                                                                                				signed int _t132;
                                                                                                                                                				signed int _t133;
                                                                                                                                                				signed int _t134;
                                                                                                                                                				signed int _t135;
                                                                                                                                                				unsigned int _t141;
                                                                                                                                                				signed int _t142;
                                                                                                                                                				void* _t144;
                                                                                                                                                				void* _t147;
                                                                                                                                                				intOrPtr _t148;
                                                                                                                                                				signed int _t150;
                                                                                                                                                				long _t156;
                                                                                                                                                				intOrPtr _t159;
                                                                                                                                                				signed int _t162;
                                                                                                                                                
                                                                                                                                                				_t129 =  *0x459059; // 0x1
                                                                                                                                                				if(__eax > 0xa2c) {
                                                                                                                                                					__eflags = __eax - 0x40a2c;
                                                                                                                                                					if(__eax > 0x40a2c) {
                                                                                                                                                						_pop(_t120);
                                                                                                                                                						__eflags = __eax;
                                                                                                                                                						if(__eax >= 0) {
                                                                                                                                                							_push(_t120);
                                                                                                                                                							_t162 = __eax;
                                                                                                                                                							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                                                                							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                                                                                                							_t121 = _t96;
                                                                                                                                                							if(_t121 != 0) {
                                                                                                                                                								_t147 = _t121;
                                                                                                                                                								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                                                                								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                                                                								E00402D70();
                                                                                                                                                								_t99 =  *0x45bb00; // 0x45bafc
                                                                                                                                                								 *_t147 = 0x45bafc;
                                                                                                                                                								 *0x45bb00 = _t121;
                                                                                                                                                								 *(_t147 + 4) = _t99;
                                                                                                                                                								 *_t99 = _t121;
                                                                                                                                                								 *0x45baf8 = 0;
                                                                                                                                                								_t121 = _t121 + 0x10;
                                                                                                                                                							}
                                                                                                                                                							return _t121;
                                                                                                                                                						} else {
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                                                						__eflags = _t129;
                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                							while(1) {
                                                                                                                                                								asm("lock cmpxchg [0x459a68], ah");
                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                									goto L42;
                                                                                                                                                								}
                                                                                                                                                								asm("pause");
                                                                                                                                                								__eflags =  *0x459909;
                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                									continue;
                                                                                                                                                								} else {
                                                                                                                                                									Sleep(0);
                                                                                                                                                									asm("lock cmpxchg [0x459a68], ah");
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										Sleep(0xa);
                                                                                                                                                										continue;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L42;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						L42:
                                                                                                                                                						_t141 = _t125 - 0xb30;
                                                                                                                                                						_t142 = _t141 >> 0xd;
                                                                                                                                                						_t131 = _t141 >> 8;
                                                                                                                                                						_t104 = 0xffffffff << _t131 &  *(0x459a78 + _t142 * 4);
                                                                                                                                                						__eflags = 0xffffffff;
                                                                                                                                                						if(0xffffffff == 0) {
                                                                                                                                                							_t132 = _t142;
                                                                                                                                                							__eflags = 0xfffffffe << _t132 &  *0x459a74;
                                                                                                                                                							if((0xfffffffe << _t132 &  *0x459a74) == 0) {
                                                                                                                                                								_t133 =  *0x459a70; // 0x0
                                                                                                                                                								_t134 = _t133 - _t125;
                                                                                                                                                								__eflags = _t134;
                                                                                                                                                								if(_t134 < 0) {
                                                                                                                                                									_t109 = E00402CF8(_t125);
                                                                                                                                                								} else {
                                                                                                                                                									_t110 =  *0x459a6c; // 0x23c7000
                                                                                                                                                									_t109 = _t110 - _t125;
                                                                                                                                                									 *0x459a6c = _t109;
                                                                                                                                                									 *0x459a70 = _t134;
                                                                                                                                                									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                                                                								}
                                                                                                                                                								 *0x459a68 = 0;
                                                                                                                                                								return _t109;
                                                                                                                                                							} else {
                                                                                                                                                								asm("bsf edx, eax");
                                                                                                                                                								asm("bsf ecx, eax");
                                                                                                                                                								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                                                                								goto L50;
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							asm("bsf eax, eax");
                                                                                                                                                							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                                                                							L50:
                                                                                                                                                							_push(_t152);
                                                                                                                                                							_push(_t145);
                                                                                                                                                							_t148 = 0x459af8 + _t135 * 8;
                                                                                                                                                							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                                                                							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                                                                							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                                                                							 *_t114 = _t148;
                                                                                                                                                							__eflags = _t148 - _t114;
                                                                                                                                                							if(_t148 == _t114) {
                                                                                                                                                								asm("rol eax, cl");
                                                                                                                                                								_t80 = 0x459a78 + _t142 * 4;
                                                                                                                                                								 *_t80 =  *(0x459a78 + _t142 * 4) & 0xfffffffe;
                                                                                                                                                								__eflags =  *_t80;
                                                                                                                                                								if( *_t80 == 0) {
                                                                                                                                                									asm("btr [0x459a74], edx");
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                                                                							_t144 = 0xfffffff0 - _t125;
                                                                                                                                                							__eflags = 0xfffffff0;
                                                                                                                                                							if(0xfffffff0 == 0) {
                                                                                                                                                								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                                                                								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                                                                								__eflags =  *_t89;
                                                                                                                                                							} else {
                                                                                                                                                								_t116 = _t125 + _t159;
                                                                                                                                                								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                                                                								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                                                                								__eflags = 0xfffffff0 - 0xb30;
                                                                                                                                                								if(0xfffffff0 >= 0xb30) {
                                                                                                                                                									E00402C2C(_t116, 0xfffffffffffffff3, _t144);
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							 *(_t159 - 4) = _t125 + 2;
                                                                                                                                                							 *0x459a68 = 0;
                                                                                                                                                							return _t159;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					__eflags = __cl;
                                                                                                                                                					__eax =  *(__edx + 0x459910) & 0x000000ff;
                                                                                                                                                					__ebx = 0x457070 + ( *(__edx + 0x459910) & 0x000000ff) * 8;
                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                						while(1) {
                                                                                                                                                							__eax = 0x100;
                                                                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                								goto L5;
                                                                                                                                                							}
                                                                                                                                                							__ebx = __ebx + 0x20;
                                                                                                                                                							__eflags = __ebx;
                                                                                                                                                							__eax = 0x100;
                                                                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                                                                							if(__ebx != 0) {
                                                                                                                                                								__ebx = __ebx + 0x20;
                                                                                                                                                								__eflags = __ebx;
                                                                                                                                                								__eax = 0x100;
					asm("lock cmpxchg [ebx], ah");
					if(__ebx != 0) {
						__ebx = __ebx - 0x40;
						asm("pause");
						__eflags =  *0x459909;
						if(__eflags != 0) {
							continue;
						} else {
							Sleep(0);
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags != 0) {
								Sleep(0xa);
								continue;
							}
						}
					}
				}
				goto L5;
			}
		}
		L5:
		__edx =  *(__ebx + 8);
		__eax =  *(__edx + 0x10);
		__ecx = 0xfffffff8;
		__eflags = __edx - __ebx;
		if(__edx == __ebx) {
			__edx =  *(__ebx + 0x18);
			__ecx =  *(__ebx + 2) & 0x0000ffff;
			__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
			__eflags = __eax -  *(__ebx + 0x14);
			if(__eax >  *(__ebx + 0x14)) {
				_push(__esi);
				_push(__edi);
				__eflags =  *0x459059;
				if(__eflags != 0) {
					while(1) {
						__eax = 0x100;
						asm("lock cmpxchg [0x459a68], ah");
						if(__eflags == 0) {
							goto L22;
						}
						asm("pause");
						__eflags =  *0x459909;
						if(__eflags != 0) {
							continue;
						} else {
							Sleep(0);
							__eax = 0x100;
							asm("lock cmpxchg [0x459a68], ah");
							if(__eflags != 0) {
								Sleep(0xa);
								continue;
							}
						}
						goto L22;
					}
				}
				L22:
				 *(__ebx + 1) =  *(__ebx + 1) &  *0x459a74;
				__eflags =  *(__ebx + 1) &  *0x459a74;
				if(( *(__ebx + 1) &  *0x459a74) == 0) {
					__ecx =  *(__ebx + 4) & 0x0000ffff;
					__edi =  *0x459a70; // 0x0
					__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
					if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
						__eax =  *(__ebx + 6) & 0x0000ffff;
						__edi = __eax;
						__eax = E00402CF8(__eax);
						__esi = __eax;
						__eflags = __eax;
						if(__eax != 0) {
							goto L35;
						} else {
							 *0x459a68 = __al;
							 *__ebx = __al;
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					} else {
						__esi =  *0x459a6c; // 0x23c7000
						__ecx =  *(__ebx + 6) & 0x0000ffff;
						__edx = __ecx + 0xb30;
						__eflags = __edi - __ecx + 0xb30;
						if(__edi >= __ecx + 0xb30) {
							__edi = __ecx;
						}
						__esi = __esi - __edi;
						 *0x459a70 =  *0x459a70 - __edi;
						 *0x459a6c = __esi;
						goto L35;
					}
				} else {
					asm("bsf eax, esi");
					__esi = __eax * 8;
					__ecx =  *(0x459a78 + __eax * 4);
					asm("bsf ecx, ecx");
					__ecx =  *(0x459a78 + __eax * 4) + __eax * 8 * 4;
					__edi = 0x459af8 + ( *(0x459a78 + __eax * 4) + __eax * 8 * 4) * 8;
					__esi =  *(__edi + 4);
					__edx =  *(__esi + 4);
					 *(__edi + 4) = __edx;
					 *__edx = __edi;
					__eflags = __edi - __edx;
					if(__edi == __edx) {
						__edx = 0xfffffffe;
						asm("rol edx, cl");
						_t38 = 0x459a78 + __eax * 4;
						 *_t38 =  *(0x459a78 + __eax * 4) & 0xfffffffe;
						__eflags =  *_t38;
						if( *_t38 == 0) {
							asm("btr [0x459a74], eax");
						}
					}
					__edi = 0xfffffff0;
					__edi = 0xfffffff0 &  *(__esi - 4);
					__eflags = 0xfffffff0 - 0x10a60;
					if(0xfffffff0 < 0x10a60) {
						_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
						 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
						__eflags =  *_t52;
					} else {
						__edx = __edi;
						__edi =  *(__ebx + 6) & 0x0000ffff;
						__edx = __edx - __edi;
						__eax = __edi + __esi;
						__ecx = __edx + 3;
						 *(__eax - 4) = __ecx;
						 *(__edx + __eax - 8) = __edx;
						__eax = E00402C2C(__eax, __ecx, __edx);
					}
					L35:
					_t56 = __edi + 6; // 0x6
					__ecx = _t56;
					 *(__esi - 4) = _t56;
					__eax = 0;
					 *0x459a68 = __al;
					 *__esi = __ebx;
					 *((intOrPtr*)(__esi + 0x10)) = 0;
					 *((intOrPtr*)(__esi + 0x14)) = 1;
					 *(__ebx + 0x18) = __esi;
					_t61 = __esi + 0x20; // 0x23c7020
					__eax = _t61;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__edx = __ecx + __eax;
					 *(__ebx + 0x10) = __ecx + __eax;
					__edi = __edi + __esi;
					__edi = __edi - __ecx;
					__eflags = __edi;
					 *(__ebx + 0x14) = __edi;
					 *__ebx = 0;
					 *(__eax - 4) = __esi;
					_pop(__edi);
					_pop(__esi);
					_pop(__ebx);
					return __eax;
				}
			} else {
				_t19 = __edx + 0x14;
				 *_t19 =  *(__edx + 0x14) + 1;
				__eflags =  *_t19;
				 *(__ebx + 0x10) = __ecx;
				 *__ebx = 0;
				 *(__eax - 4) = __edx;
				_pop(__ebx);
				return __eax;
			}
		} else {
			 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
			__ecx = 0xfffffff8 &  *(__eax - 4);
			__eflags = 0xfffffff8;
			 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
			 *(__eax - 4) = __edx;
			if(0xfffffff8 == 0) {
				__ecx =  *(__edx + 8);
				 *(__ecx + 0xc) = __ebx;
				 *(__ebx + 8) = __ecx;
				 *__ebx = 0;
				_pop(__ebx);
				return __eax;
			} else {
				 *__ebx = 0;
				_pop(__ebx);
				return __eax;
			}
		}
	}
}
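Both spin loops in the listing above use the same idiom: eax is loaded with 0x100 so that a locked cmpxchg compares al (0, "free") against a byte flag and, on success, stores ah (1, "held"); on failure the code executes pause, tests a byte at 0x459909 to decide whether to keep spinning or to call Sleep(0), retries once, and finally calls Sleep(0xa) before spinning again. The C below is an added re-implementation of that three-stage test-and-set backoff for reference; it is not code from Mes_Drivers_3.0.4.exe or from the sandbox report. The globals at 0x459a68 (the flag) and 0x459909 (the spin-only switch) are modelled as a local atomic byte and a bool with names of my own, Sleep(0)/Sleep(10) are replaced by sched_yield()/nanosleep() so it builds outside Windows, and an attempt limit is added (the original never gives up) so the contended path can be exercised.

```c
/* Added illustration, not code from the sample or the sandbox report.
 * Re-implements the lock-acquisition pattern in the decompiled listing:
 *   mov eax, 100h ; lock cmpxchg [flag], ah   -> take a byte flag 0 -> 1
 *   pause ; test a "spin only" byte ; Sleep(0) ; retry ; Sleep(10)
 * The globals at 0x459a68 (flag) and 0x459909 (spin-only switch) are
 * modelled as an atomic byte and a bool; names are my own, not symbols
 * recovered from the binary. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <time.h>

typedef struct {
    _Atomic uint8_t locked;   /* 0 = free, 1 = held */
} byte_lock_t;

/* One attempt: compare-exchange the byte from 0 (al) to 1 (ah).
 * Returns true when this caller took the lock. */
static bool try_take(byte_lock_t *l)
{
    uint8_t expected = 0;
    return atomic_compare_exchange_strong(&l->locked, &expected, 1);
}

static void cpu_relax(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __builtin_ia32_pause();   /* the "pause" in the listing */
#endif
}

/* Stand-in for Sleep(ms) on non-Windows hosts. */
static void sleep_ms(long ms)
{
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

/* Acquire with the listing's three-stage backoff.
 * spin_only:    mirrors the byte tested after "pause": when set, never sleep.
 * max_attempts: <= 0 spins forever like the original; > 0 gives up after that
 *               many failed compare-exchanges (added so a test can drive the
 *               contended path). Returns the number of failed attempts before
 *               success, or -1 when the limit was hit. */
int acquire_with_backoff(byte_lock_t *l, bool spin_only, int max_attempts)
{
    int failed = 0;
    for (;;) {
        if (try_take(l))
            return failed;
        if (max_attempts > 0 && ++failed >= max_attempts)
            return -1;
        cpu_relax();
        if (spin_only)
            continue;                 /* stage 1: keep spinning */
        sched_yield();                /* stage 2: Sleep(0) */
        if (try_take(l))
            return failed;
        if (max_attempts > 0 && ++failed >= max_attempts)
            return -1;
        sleep_ms(10);                 /* stage 3: Sleep(0xa) */
    }
}

/* Release is a plain byte store of 0, as at the end of the listing. */
void release_lock(byte_lock_t *l)
{
    atomic_store(&l->locked, 0);
}

/* Scenario helpers with checkable return values. */
int demo_free_lock(void)
{
    byte_lock_t l = { 0 };
    return acquire_with_backoff(&l, false, 8);   /* 0: taken on first try */
}

int demo_held_lock_sleeping(void)
{
    byte_lock_t l = { 1 };                        /* already held elsewhere */
    return acquire_with_backoff(&l, false, 4);   /* -1 after yield and sleep */
}

int demo_held_lock_spin_only(void)
{
    byte_lock_t l = { 1 };
    return acquire_with_backoff(&l, true, 4);    /* -1 without ever sleeping */
}

int demo_release_then_take(void)
{
    byte_lock_t l = { 1 };
    release_lock(&l);
    return acquire_with_backoff(&l, true, 4);    /* 0 */
}
```

When triaging, note that this loop shape is a generic test-and-set spinlock with yield-and-sleep backoff guarding an allocator's bookkeeping; on its own it is not evidence of malicious behaviour, and the interesting part of the listing is what the lock protects (the bin bitmap at 0x459a74, the sequential-feed pointer at 0x459a6c and the calls to E00402CF8 and E00402C2C), not the lock itself.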

Address column of the instruction listing that followed (the instruction and operand columns did not survive extraction): 0x0040301c 0x00403022 0x00403270 0x00403275 0x00403388 0x00403389 0x0040338b 0x00402db8 0x00402dbc 0x00402dc8 0x00402dd8 0x00402ddd 0x00402de1 0x00402de3 0x00402de5 0x00402deb 0x00402dee 0x00402df3 0x00402df8 0x00402dfe 0x00402e04 0x00402e07
                                                                                                                                                0x00402e09
                                                                                                                                                0x00402e10
                                                                                                                                                0x00402e10
                                                                                                                                                0x00402e19
                                                                                                                                                0x00403391
                                                                                                                                                0x00403391
                                                                                                                                                0x00403393
                                                                                                                                                0x00403393
                                                                                                                                                0x0040327b
                                                                                                                                                0x00403287
                                                                                                                                                0x0040328a
                                                                                                                                                0x0040328c
                                                                                                                                                0x00403234
                                                                                                                                                0x00403239
                                                                                                                                                0x00403241
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403243
                                                                                                                                                0x00403245
                                                                                                                                                0x0040324c
                                                                                                                                                0x00000000
                                                                                                                                                0x0040324e
                                                                                                                                                0x00403250
                                                                                                                                                0x0040325a
                                                                                                                                                0x00403262
                                                                                                                                                0x00403266
                                                                                                                                                0x00000000
                                                                                                                                                0x00403266
                                                                                                                                                0x00403262
                                                                                                                                                0x00000000
                                                                                                                                                0x0040324c
                                                                                                                                                0x00403234
                                                                                                                                                0x0040328e
                                                                                                                                                0x0040328e
                                                                                                                                                0x00403296
                                                                                                                                                0x00403299
                                                                                                                                                0x004032a3
                                                                                                                                                0x004032a3
                                                                                                                                                0x004032aa
                                                                                                                                                0x004032bd
                                                                                                                                                0x004032c1
                                                                                                                                                0x004032c7
                                                                                                                                                0x004032e0
                                                                                                                                                0x004032e6
                                                                                                                                                0x004032e6
                                                                                                                                                0x004032e8
                                                                                                                                                0x00403306
                                                                                                                                                0x004032ea
                                                                                                                                                0x004032ea
                                                                                                                                                0x004032ef
                                                                                                                                                0x004032f1
                                                                                                                                                0x004032f6
                                                                                                                                                0x004032ff
                                                                                                                                                0x004032ff
                                                                                                                                                0x0040330b
                                                                                                                                                0x00403313
                                                                                                                                                0x004032c9
                                                                                                                                                0x004032c9
                                                                                                                                                0x004032d3
                                                                                                                                                0x004032db
                                                                                                                                                0x00000000
                                                                                                                                                0x004032db
                                                                                                                                                0x004032ac
                                                                                                                                                0x004032af
                                                                                                                                                0x004032b2
                                                                                                                                                0x00403314
                                                                                                                                                0x00403314
                                                                                                                                                0x00403315
                                                                                                                                                0x00403316
                                                                                                                                                0x0040331d
                                                                                                                                                0x00403320
                                                                                                                                                0x00403323
                                                                                                                                                0x00403326
                                                                                                                                                0x00403328
                                                                                                                                                0x0040332a
                                                                                                                                                0x00403331
                                                                                                                                                0x00403333
                                                                                                                                                0x00403333
                                                                                                                                                0x00403333
                                                                                                                                                0x0040333a
                                                                                                                                                0x0040333c
                                                                                                                                                0x0040333c
                                                                                                                                                0x0040333a
                                                                                                                                                0x00403348
                                                                                                                                                0x0040334d
                                                                                                                                                0x0040334d
                                                                                                                                                0x0040334f
                                                                                                                                                0x00403370
                                                                                                                                                0x00403370
                                                                                                                                                0x00403370
                                                                                                                                                0x00403351
                                                                                                                                                0x00403351
                                                                                                                                                0x00403357
                                                                                                                                                0x0040335a
                                                                                                                                                0x0040335e
                                                                                                                                                0x00403364
                                                                                                                                                0x00403366
                                                                                                                                                0x00403366
                                                                                                                                                0x00403364
                                                                                                                                                0x00403378
                                                                                                                                                0x0040337b
                                                                                                                                                0x00403387
                                                                                                                                                0x00403387
                                                                                                                                                0x004032aa
                                                                                                                                                0x00403028
                                                                                                                                                0x00403028
                                                                                                                                                0x0040302a
                                                                                                                                                0x00403031
                                                                                                                                                0x00403038
                                                                                                                                                0x00403090
                                                                                                                                                0x00403090
                                                                                                                                                0x00403095
                                                                                                                                                0x00403099
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040309b
                                                                                                                                                0x0040309b
                                                                                                                                                0x0040309e
                                                                                                                                                0x004030a3
                                                                                                                                                0x004030a7
                                                                                                                                                0x004030a9
                                                                                                                                                0x004030a9
                                                                                                                                                0x004030ac
                                                                                                                                                0x004030b1
                                                                                                                                                0x004030b5
                                                                                                                                                0x004030b7
                                                                                                                                                0x004030ba
                                                                                                                                                0x004030bc
                                                                                                                                                0x004030c3
                                                                                                                                                0x00000000
                                                                                                                                                0x004030c5
                                                                                                                                                0x004030c7
                                                                                                                                                0x004030cc
                                                                                                                                                0x004030d1
                                                                                                                                                0x004030d5
                                                                                                                                                0x004030dd
                                                                                                                                                0x00000000
                                                                                                                                                0x004030dd
                                                                                                                                                0x004030d5
                                                                                                                                                0x004030c3
                                                                                                                                                0x004030b5
                                                                                                                                                0x00000000
                                                                                                                                                0x004030a7
                                                                                                                                                0x00403090
                                                                                                                                                0x0040303a
                                                                                                                                                0x0040303a
                                                                                                                                                0x0040303d
                                                                                                                                                0x00403040
                                                                                                                                                0x00403045
                                                                                                                                                0x00403047
                                                                                                                                                0x00403060
                                                                                                                                                0x00403063
                                                                                                                                                0x00403067
                                                                                                                                                0x00403069
                                                                                                                                                0x0040306c
                                                                                                                                                0x004030e4
                                                                                                                                                0x004030e5
                                                                                                                                                0x004030e6
                                                                                                                                                0x004030ed
                                                                                                                                                0x004030ef
                                                                                                                                                0x004030ef
                                                                                                                                                0x004030f4
                                                                                                                                                0x004030fc
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004030fe
                                                                                                                                                0x00403100
                                                                                                                                                0x00403107
                                                                                                                                                0x00000000
                                                                                                                                                0x00403109
                                                                                                                                                0x0040310b
                                                                                                                                                0x00403110
                                                                                                                                                0x00403115
                                                                                                                                                0x0040311d
                                                                                                                                                0x00403121
                                                                                                                                                0x00000000
                                                                                                                                                0x00403121
                                                                                                                                                0x0040311d
                                                                                                                                                0x00000000
                                                                                                                                                0x00403107
                                                                                                                                                0x004030ef

                                                                                                                                                APIs
                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 004030C7
                                                                                                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 004030DD
                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 0040310B
                                                                                                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 00403121
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Sleep
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                • Opcode ID: d4a1879d51360948af9aa405287b6672021a5bf810b19b6d4c1fb1baa3647e1a
                                                                                                                                                • Instruction ID: d98f8fd7fed65b52ccd6165105823790a6dcfbab5471963bb93e231b63962651
                                                                                                                                                • Opcode Fuzzy Hash: d4a1879d51360948af9aa405287b6672021a5bf810b19b6d4c1fb1baa3647e1a
                                                                                                                                                • Instruction Fuzzy Hash: 0FC144726013808BDB15CF29D884356BFE9AB85312F1882BFD4459B3D6C778EE41C7A9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 276 44444c-44447a GetClassInfoW 277 444486-444488 276->277 278 44447c-444484 276->278 280 44448a-444496 UnregisterClassW 277->280 281 44449b-4444a0 RegisterClassW 277->281 278->277 279 4444a5-4444da call 40aaf8 278->279 284 4444f0-4444f6 279->284 285 4444dc-4444e2 call 4442b4 279->285 280->281 281->279 287 4444e7-4444eb SetWindowLongW 285->287 287->284
                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                			E0044444C(intOrPtr _a4, short _a6, intOrPtr _a8) {
                                                                                                                                                				struct _WNDCLASSW _v44;
                                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                                				WCHAR* _t8;
                                                                                                                                                				struct HINSTANCE__* _t9;
                                                                                                                                                				int _t10;
                                                                                                                                                				void* _t11;
                                                                                                                                                				struct HINSTANCE__* _t13;
                                                                                                                                                				struct HWND__* _t15;
                                                                                                                                                				long _t17;
                                                                                                                                                				struct HINSTANCE__* _t19;
                                                                                                                                                				WCHAR* _t20;
                                                                                                                                                				struct HWND__* _t22;
                                                                                                                                                				WCHAR* _t24;
                                                                                                                                                
                                                                                                                                                				_t6 =  *0x45bc50; // 0x400000
                                                                                                                                                				 *0x458840 = _t6;
                                                                                                                                                				_t8 =  *0x458854; // 0x444430
                                                                                                                                                				_t9 =  *0x45bc50; // 0x400000
                                                                                                                                                				_t10 = GetClassInfoW(_t9, _t8,  &_v44);
                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                				_t11 = _t10 + 1;
                                                                                                                                                				if(_t11 == 0 || L0040AA80 != _v44.lpfnWndProc) {
                                                                                                                                                					if(_t11 != 0) {
                                                                                                                                                						_t19 =  *0x45bc50; // 0x400000
                                                                                                                                                						_t20 =  *0x458854; // 0x444430
                                                                                                                                                						UnregisterClassW(_t20, _t19);
		}
		RegisterClassW(0x458830);
	}
	_t13 =  *0x45bc50; // 0x400000 (the image base, i.e. the module's HINSTANCE)
	_t24 =  *0x458854; // 0x444430
	_t15 = E0040AAF8(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
	_t22 = _t15;
	if(_a6 != 0) {
		_t17 = E004442B4(_a4, _a8); // executed
		SetWindowLongW(_t22, 0xfffffffc, _t17); // 0xfffffffc == GWL_WNDPROC (-4): replaces the window procedure of the new window
	}
	return _t22;
}


Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Similarity
• API ID: Class$InfoLongRegisterUnregisterWindow
• String ID: 0DD
• API String ID: 4025006896-1049506570
• Opcode ID: d8ecce0a5b3cee223f6d5bc638e3f90d975df0148a145ef17585369a2c7aad77
• Instruction ID: f78ca04a3f9cf15320f82936c720150d7e845f1326e6f316e572b90f539a189f
• Opcode Fuzzy Hash: d8ecce0a5b3cee223f6d5bc638e3f90d975df0148a145ef17585369a2c7aad77
• Instruction Fuzzy Hash: 6C013C713003046BDB41EBA89D81F5A3398E748315F14852AF905E73D2DE39E8148BAD
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
• Rendered graph not captured. Basic blocks with API calls: 4197e4-4197fd call 4072b8, GetFileAttributesW; 41984e-419858 GetLastError; 419864-41986d call 4197a4; 419814-41982c CreateFileW; 41982e-419836 CloseHandle; 419838-419845 GetLastError.
C-Code - Quality: 100%
E004197E4(void* __eax, void* __edx) {
	signed char _t14;
	void* _t21;
	void* _t28;
	long _t29;
	WCHAR* _t32;
	void* _t33;

	_t28 = __edx;                    // second argument: when non-zero, system-flagged files are probed by opening them
	_t33 = __eax;                    // first argument: the path object handed to E004072B8
	_t32 = E004072B8(__eax);         // converts the path object to a WCHAR* path
	_t14 = GetFileAttributesW(_t32); // executed
	if(_t14 == 0xffffffff) {         // INVALID_FILE_ATTRIBUTES
		_t29 = GetLastError();
		// 2 = ERROR_FILE_NOT_FOUND, 3 = ERROR_PATH_NOT_FOUND, 0x7b = ERROR_INVALID_NAME
		if(_t29 == 2 || _t29 == 3 || _t29 == 0x7b || E004197A4(_t33) == 0) {
			return 0;
		} else {
			return 1;
		}
	}
	if((_t14 & 0x00000004) == 0) {   // FILE_ATTRIBUTE_SYSTEM clear: exists iff FILE_ATTRIBUTE_DIRECTORY (0x10) is clear
		return _t14 & 0xffffff00 | (_t14 & 0x00000010) == 0x00000000;
	}
	if(_t28 != 0) {
		if((_t14 & 0x00000010) == 0) {
			// GENERIC_READ (0x80000000), FILE_SHARE_READ (1), OPEN_EXISTING (3)
			_t21 = CreateFileW(_t32, 0x80000000, 1, 0, 3, 0, 0);
			if(_t21 == 0xffffffff) { // INVALID_HANDLE_VALUE
				// _t22 is the decompiler's name for the GetLastError() result; 0x20 = ERROR_SHARING_VIOLATION,
				// so a file that exists but is locked by another process still counts as present
				return GetLastError() & 0xffffff00 | _t22 == 0x00000020;
			}
			CloseHandle(_t21);
			return 1;
		}
		return 0;
	}
	return 1;
}


APIs
• GetFileAttributesW.KERNEL32(00000000,?,?,00000001,00456B77,?,?,?,?,?,00000005,00000000,00000000), ref: 004197F5
• GetLastError.KERNEL32(00000000,?,?,00000001,00456B77,?,?,?,?,?,00000005,00000000,00000000), ref: 0041984E
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Similarity
• API ID: AttributesErrorFileLast
• String ID:
• API String ID: 1799206407-0
• Opcode ID: 0961293aac829a09c744bb1d1d6ce2a28834ecfe27f73861925a3899034ead3e
• Instruction ID: aa62d41874482af7cac3a54218987dab8cf47ad0a2e002d4286c9f84e9386501
• Opcode Fuzzy Hash: 0961293aac829a09c744bb1d1d6ce2a28834ecfe27f73861925a3899034ead3e
• Instruction Fuzzy Hash: F401713527434065EA29347A0DA67FA02484F477E4F280927FA66AB2E1D55DCCC3517F
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
• Rendered graph not captured. Basic blocks with API calls: 41987c-419899 call 4072b8, DeleteFileW; 41989b-4198ab GetLastError, GetFileAttributesW; 4198cb-4198cc SetLastError; 4198b6-4198c9 call 4072b8, RemoveDirectoryW.
                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                			E0041987C(void* __eax) {
                                                                                                                                                				signed char _t10;
                                                                                                                                                				void* _t14;
                                                                                                                                                				void* _t15;
                                                                                                                                                				long _t16;
                                                                                                                                                				void* _t17;
                                                                                                                                                				WCHAR* _t18;
                                                                                                                                                
                                                                                                                                                				_t17 = __eax;
                                                                                                                                                				_t18 = E004072B8(__eax);
                                                                                                                                                				DeleteFileW(_t18); // executed
                                                                                                                                                				asm("sbb ebx, ebx");
                                                                                                                                                				_t15 = _t14 + 1;
                                                                                                                                                				if(_t15 == 0) {
                                                                                                                                                					_t16 = GetLastError();
                                                                                                                                                					_t10 = GetFileAttributesW(_t18);
                                                                                                                                                					if(_t10 == 0xffffffff || (_t10 & 0x00000004) == 0 || (_t10 & 0x00000010) == 0) {
                                                                                                                                                						SetLastError(_t16);
                                                                                                                                                					} else {
                                                                                                                                                						RemoveDirectoryW(E004072B8(_t17));
                                                                                                                                                						asm("sbb ebx, ebx");
                                                                                                                                                						_t15 = _t15 + 1;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return _t15;
                                                                                                                                                			}



                                                                                                                                                APIs
                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,?,00000001,00456B93,00000000,00456B9D,?,?,?,?,?,?,00000005,00000000), ref: 0041988C
                                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,?,00000001,00456B93,00000000,00456B9D,?,?,?,?,?,?,00000005,00000000), ref: 0041989B
                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,00000001,00456B93,00000000,00456B9D,?,?,?,?,?,?,00000005), ref: 004198A3
                                                                                                                                                • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,?,00000001,00456B93,00000000,00456B9D,?,?), ref: 004198BE
                                                                                                                                                • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,00000001,00456B93,00000000,00456B9D,?,?), ref: 004198CC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2814369299-0
                                                                                                                                                • Opcode ID: 7edf0bb6498fe919875a87294f414c142e504f36b0f4114243fb2f02f6fb051c
                                                                                                                                                • Instruction ID: 8f8c5d12d987dc115decf03ac0d156be032c75e9b397dfa583784c1be4d1e460
                                                                                                                                                • Opcode Fuzzy Hash: 7edf0bb6498fe919875a87294f414c142e504f36b0f4114243fb2f02f6fb051c
                                                                                                                                                • Instruction Fuzzy Hash: 58F08C6225070019D520357A0895ABF224C9A437ADB140B3BF945F32D2DA2E9C9A92AF
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

(control-flow graph of function 00406458 rendered as an image; legend: Executed / Not Executed)
                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                			E00406458() {
                                                                                                                                                				void* _t14;
                                                                                                                                                				int _t21;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t47;
                                                                                                                                                				struct HINSTANCE__* _t54;
                                                                                                                                                				void* _t58;
                                                                                                                                                
                                                                                                                                                				if( *0x457004 != 0) {
                                                                                                                                                					E0040632C();
                                                                                                                                                					E004063C0(_t47);
                                                                                                                                                					 *0x457004 = 0;
                                                                                                                                                				}
                                                                                                                                                				if( *0x45bb4c != 0 && GetCurrentThreadId() ==  *0x45bb74) {
                                                                                                                                                					E004060C8(0x45bb48);
                                                                                                                                                					E00406394(0x45bb48);
                                                                                                                                                				}
                                                                                                                                                				if( *0x0045BB40 != 0 ||  *0x459054 == 0) {
                                                                                                                                                					L8:
                                                                                                                                                					if( *((char*)(0x45bb40)) == 2 &&  *0x457000 == 0) {
                                                                                                                                                						 *0x0045BB24 = 0;
                                                                                                                                                					}
                                                                                                                                                					_t14 = E00404528();
                                                                                                                                                					_t45 = _t14;
                                                                                                                                                					if(_t14 == 0) {
                                                                                                                                                						L13:
                                                                                                                                                						E004060F0();
                                                                                                                                                						if( *((char*)(0x45bb40)) <= 1 ||  *0x457000 != 0) {
                                                                                                                                                							_t57 =  *0x0045BB28;
                                                                                                                                                							if( *0x0045BB28 != 0) {
                                                                                                                                                								E004098C8(_t57);
                                                                                                                                                								_t7 =  *((intOrPtr*)(0x45bb28)) + 0x10; // 0x400000
                                                                                                                                                								_t54 =  *_t7;
                                                                                                                                                								_t9 =  *((intOrPtr*)(0x45bb28)) + 4; // 0x400000
                                                                                                                                                								if(_t54 !=  *_t9 && _t54 != 0) {
                                                                                                                                                									FreeLibrary(_t54);
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						E004060C8(0x45bb18);
                                                                                                                                                						if( *((char*)(0x45bb40)) == 1) {
                                                                                                                                                							 *0x0045BB3C();
                                                                                                                                                						}
                                                                                                                                                						if( *((char*)(0x45bb40)) != 0) {
                                                                                                                                                							E00406394(0x45bb18);
                                                                                                                                                						}
                                                                                                                                                						if( *0x45bb18 == 0) {
                                                                                                                                                							if( *0x459034 != 0) {
                                                                                                                                                								 *0x459034();
                                                                                                                                                							}
                                                                                                                                                							_t21 =  *0x457000; // 0x0
                                                                                                                                                							ExitProcess(_t21); // executed
                                                                                                                                                						}
                                                                                                                                                						memcpy(0x45bb18,  *0x45bb18, 0xc << 2);
                                                                                                                                                						_t58 = _t58 + 0xc;
                                                                                                                                                						0x45bb18 = 0x45bb18;
                                                                                                                                                						goto L8;
                                                                                                                                                					} else {
                                                                                                                                                						do {
                                                                                                                                                							E00404E1C(_t45);
                                                                                                                                                							_t33 = E00404528();
                                                                                                                                                							_t45 = _t33;
                                                                                                                                                						} while (_t33 != 0);
                                                                                                                                                						goto L13;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					do {
                                                                                                                                                						 *0x459054 = 0;
                                                                                                                                                						 *((intOrPtr*)( *0x459054))();
                                                                                                                                                					} while ( *0x459054 != 0);
                                                                                                                                                					L8:
                                                                                                                                                					while(1) {
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}



APIs
• GetCurrentThreadId.KERNEL32 ref: 00406489
• FreeLibrary.KERNEL32(00400000,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000,004045D3,?,?,?,?,00000000), ref: 0040652A
• ExitProcess.KERNEL32(00000000,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000,004045D3,?,?,?,?,00000000), ref: 00406566
  • Part of subcall function 004063C0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000), ref: 004063F9
  • Part of subcall function 004063C0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?), ref: 004063FF
  • Part of subcall function 004063C0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?), ref: 0040641A
  • Part of subcall function 004063C0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000), ref: 00406420
Strings
(none listed for this function)
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
(none listed for this function)
Similarity
• API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
• String ID: MZP
• API String ID: 3490077880-2889622443
• Opcode ID: fb754d57819c9cb00645cab0706fd786c362fe670dabd00338881b3b256af971
• Instruction ID: a93aaad58f025c11ca6d37a442adf43a44a5d6204dd4cd686539ed1561de1c6e
• Opcode Fuzzy Hash: fb754d57819c9cb00645cab0706fd786c362fe670dabd00338881b3b256af971
• Instruction Fuzzy Hash: B531AE70A003019BD731AB79A84831B76E0AB05329F06093FE506A37D7D7BCE8A8C75D
Uniqueness

Uniqueness Score: -1.00%
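The Memory Dump Source names above encode where each dumped region sits and how it was mapped, which is what you need when deciding whether an address the decompiler references (the function at 0x00406450, or the globals it touches at 0x457004 and 0x45bb40) lives in executable or writable memory. The following is an added example written for this page, not code from Joe Sandbox or from the report. It assumes the field layout pid.stage.id.base.protect.type.sdmp inferred from the ten names listed, decodes protect and type with the winnt.h PAGE_* and MEM_* constants (also an assumption, not something the report states), and, because the names carry no size, treats each region as running up to the next listed base address.

```python
"""Decode Joe Sandbox memory-dump names from a report's "Memory Dump Source" list.

Editor's example, not code from Joe Sandbox or from the report.  Assumptions:
  * field layout <pid>.<stage>.<id>.<base>.<protect>.<type>.sdmp, inferred from
    the ten names listed in the report;
  * <protect> and <type> decode with the winnt.h PAGE_* and MEM_* constants;
  * the names carry no size, so each region is taken to run up to the next
    listed base address, the highest one being open-ended.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_NAME_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<mtype>[0-9A-Fa-f]{8})\.sdmp$"
)

# The ten names exactly as the report lists them for this function.
REPORT_DUMPS = [
    "00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp",
    "00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp",
    "00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp",
    "00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp",
    "00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp",
    "00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp",
    "00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp",
    "00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp",
    "00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp",
    "00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp",
]


@dataclass(frozen=True)
class DumpRegion:
    pid: str
    stage: str
    dump_id: str
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        # Drop modifier bits (PAGE_GUARD 0x100, PAGE_NOCACHE 0x200, ...) before lookup.
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def is_executable(self) -> bool:
        return bool(self.protect & 0xF0)  # PAGE_EXECUTE* values are 0x10..0x80

    @property
    def is_writable(self) -> bool:
        return bool(self.protect & 0xCC)  # READWRITE, WRITECOPY and their EXECUTE_ variants


def parse_dump_name(name: str) -> DumpRegion:
    m = _NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    return DumpRegion(m["pid"], m["stage"], m["dump_id"],
                      int(m["base"], 16), int(m["protect"], 16), int(m["mtype"], 16))


def layout(regions: List[DumpRegion]) -> List[Tuple[int, Optional[int], str]]:
    """(base, end, protection) per region; end is the next base, None for the last."""
    ordered = sorted(regions, key=lambda r: r.base)
    out = []
    for i, r in enumerate(ordered):
        end = ordered[i + 1].base if i + 1 < len(ordered) else None
        out.append((r.base, end, r.protect_name))
    return out


def region_for(addr: int, regions: List[DumpRegion]) -> Optional[DumpRegion]:
    """Region whose assumed [base, next base) range contains addr, or None."""
    ordered = sorted(regions, key=lambda r: r.base)
    for i, r in enumerate(ordered):
        end = ordered[i + 1].base if i + 1 < len(ordered) else None
        if addr >= r.base and (end is None or addr < end):
            return r
    return None


if __name__ == "__main__":
    regions = [parse_dump_name(n) for n in REPORT_DUMPS]
    for base, end, prot in layout(regions):
        print(f"{base:#010x}-{end:#010x} {prot}" if end is not None else f"{base:#010x}-... {prot}")
    for addr in (0x00406450, 0x457004, 0x45BB40):
        r = region_for(addr, regions)
        print(f"{addr:#010x} -> {r.base:#010x} {r.protect_name} exec={r.is_executable} write={r.is_writable}")
```

Run against the listed names, the function start resolves to the 0x401000 region (PAGE_EXECUTE_READ) and the globals at 0x457004 and 0x45bb40 to the 0x457000 region (PAGE_READWRITE), which is the split you would expect between code and the runtime's state. Regions beyond the last listed base are reported against that last region, so treat hits there with care.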

Control-flow Graph

Basic blocks (id: address range, calls in the block) with their successors, as given in the report's graph data:
369: 406450-40646d -> 370, 371
370: 406480-406487 -> 373, 374
371: 40646f-40647b, call 40632c, call 4063c0 -> 370
373: 406489-406494, GetCurrentThreadId -> 374, 378
374: 4064aa-4064ae -> 375, 376
375: 4064b0-4064b3 -> 376, 380
376: 4064c4-4064c8 -> 381, 382
378: 406496-4064a5, call 4060c8, call 406394 -> 374
380: 4064b5-4064c2 -> 376
381: 4064d8-4064e1, call 404528 -> 391, 392
382: 4064ca-4064d1 -> 381, 385
385: 4064d3-4064d5 -> 381
391: 4064e3-4064f3, call 404e1c, call 404528 -> 392
392: 4064f5-4064fe, call 4060f0 -> 398, 399
398: 406500-406507 -> 399, 401
399: 406509-40650e -> 401, 402
401: 40652f-40653a, call 4060c8 -> 407, 408
402: 406510-406523, call 4098c8 -> 401, 409
407: 40653c -> 408
408: 40653f-406543 -> 410, 411
409: 406525-406527 -> 401, 412
410: 406545-406547, call 406394 -> 411
411: 40654c-40654f -> 414, 415
412: 406529-40652a, FreeLibrary -> 401
414: 406551-406558 -> 416, 417
415: 40656b (no successor in the graph data)
416: 406560-406566, ExitProcess (no successor in the graph data)
417: 40655a -> 416
C-Code - Quality: 86%
/* Decompiler output for the function at 0x00406450 as shown by Joe Sandbox. The
   comments are the editor's and describe only what the visible code does; the
   first statement and the trailing else/while(1) block are decompiler artifacts,
   noted where they occur. */
E00406450() {
	intOrPtr* _t14;
	void* _t17;
	int _t24;
	void* _t36;
	void* _t51;
	struct HINSTANCE__* _t59;
	void* _t65;

	/* Decompiler artifact: _t14 is used before it is ever assigned. */
	 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
	/* If the global at 0x457004 is non-zero, subcall 004063C0 writes the
	   "Runtime error at ..." text via GetStdHandle/WriteFile (see APIs above),
	   after which the global is cleared. */
	if( *0x457004 != 0) {
		E0040632C();
		E004063C0(_t51);
		 *0x457004 = 0;
	}
	/* The teardown of 0x45bb48 only runs on the thread whose id is stored at 0x45bb74. */
	if( *0x45bb4c != 0 && GetCurrentThreadId() ==  *0x45bb74) {
		E004060C8(0x45bb48);
		E00406394(0x45bb48);
	}
	if( *0x0045BB40 != 0 ||  *0x459054 == 0) {
		L9:
		/* Mode byte at 0x45bb40: value 2 with a zero exit code at 0x457000 clears 0x45bb24. */
		if( *((char*)(0x45bb40)) == 2 &&  *0x457000 == 0) {
			 *0x0045BB24 = 0;
		}
		_t17 = E00404528();
		_t49 = _t17;
		if(_t17 == 0) {
			L14:
			E004060F0();
			if( *((char*)(0x45bb40)) <= 1 ||  *0x457000 != 0) {
				_t64 =  *0x0045BB28;
				if( *0x0045BB28 != 0) {
					E004098C8(_t64);
					/* The module handle at +0x10 of the record at 0x45bb28 is freed unless
					   it is null or equal to the handle at +4 of the same record. */
					_t7 =  *((intOrPtr*)(0x45bb28)) + 0x10; // 0x400000
					_t59 =  *_t7;
					_t9 =  *((intOrPtr*)(0x45bb28)) + 4; // 0x400000
					if(_t59 !=  *_t9 && _t59 != 0) {
						FreeLibrary(_t59);
					}
				}
			}
			E004060C8(0x45bb18);
			/* Mode 1: call through the function pointer stored at 0x45bb3c. */
			if( *((char*)(0x45bb40)) == 1) {
				 *0x0045BB3C();
			}
			if( *((char*)(0x45bb40)) != 0) {
				E00406394(0x45bb18);
			}
			/* End of the record list at 0x45bb18: call the optional hook at 0x459034,
			   then terminate with the exit code kept at 0x457000 (0 in the sandbox run). */
			if( *0x45bb18 == 0) {
				if( *0x459034 != 0) {
					 *0x459034();
				}
				_t24 =  *0x457000; // 0x0
				ExitProcess(_t24); // executed
			}
			/* Otherwise copy the next 48-byte record over 0x45bb18 and loop back to L9. */
			memcpy(0x45bb18,  *0x45bb18, 0xc << 2);
			_t65 = _t65 + 0xc;
			0x45bb18 = 0x45bb18; /* decompiler artifact: no-op */
			goto L9;
		} else {
			/* Keep calling E00404528 while it returns a non-zero value, handing each
			   value to E00404E1C. */
			do {
				E00404E1C(_t49);
				_t36 = E00404528();
				_t49 = _t36;
			} while (_t36 != 0);
			goto L14;
		}
	} else {
		/* Calls each procedure chained through 0x459054 until the pointer is cleared.
		   Decompiler artifacts: the store-then-call order shown here is not reliable,
		   and the duplicated L9 label with the empty while(1) is not real code; the
		   control-flow graph shows this path (blocks 382 and 385) re-joining at 0x4064d8. */
		do {
			 *0x459054 = 0;
			 *((intOrPtr*)( *0x459054))();
		} while ( *0x459054 != 0);
		L9:
		while(1) {
		}
	}
}

Address column (source address of each statement of the C code above, in listing order; 0x00000000 marks lines without one):
0x00406452 0x0040646d 0x0040646f 0x00406474 0x0040647b 0x0040647b 0x00406487 0x0040649b
0x004064a5 0x004064a5 0x004064ae 0x004064c4 0x004064c8 0x004064d5 0x004064d5 0x004064d8
0x004064dd 0x004064e1 0x004064f5 0x004064f5 0x004064fe 0x00406509 0x0040650e 0x00406512
0x0040651a 0x0040651a 0x00406520 0x00406523 0x0040652a 0x0040652a 0x00406523 0x0040650e
0x00406531 0x0040653a 0x0040653c 0x0040653c 0x00406543 0x00406547 0x00406547 0x0040654f
0x00406558 0x0040655a 0x0040655a 0x00406560 0x00406566 0x00406566 0x00406577 0x00406577
0x00406579 0x00000000 0x004064e3 0x004064e3 0x004064e5 0x004064ea 0x004064ef 0x004064f1
0x00000000 0x004064e3 0x004064b5 0x004064b5 0x004064bb 0x004064bd 0x004064bf 0x00000000
0x004064c4
                                                                                                                                                0x00000000
                                                                                                                                                0x004064c4

APIs
• GetCurrentThreadId.KERNEL32 ref: 00406489
• FreeLibrary.KERNEL32(00400000,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000,004045D3,?,?,?,?,00000000), ref: 0040652A
• ExitProcess.KERNEL32(00000000,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000,004045D3,?,?,?,?,00000000), ref: 00406566
  • Part of subcall function 004063C0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000), ref: 004063F9
  • Part of subcall function 004063C0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?), ref: 004063FF
  • Part of subcall function 004063C0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?), ref: 0040641A
  • Part of subcall function 004063C0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000), ref: 00406420
Strings
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
• String ID: MZP
• API String ID: 3490077880-2889622443
• Opcode ID: dec44cb456ebba250873fe7d8b642dc8f4059ba9680ba78a678b0ee7370c882a
• Instruction ID: d353af26a11dc108d646f0739d3c66120641e06764e28ce13d63044cf6413c24
• Opcode Fuzzy Hash: dec44cb456ebba250873fe7d8b642dc8f4059ba9680ba78a678b0ee7370c882a
• Instruction Fuzzy Hash: FA318F70A003419BD731AB79A84831A77E0AB05329F06493FE546A77D7D7BCE8A8C71D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph for function 00404368 (legend: Executed / Not Executed): rendered graph not reproduced
C-Code - Quality: 100%
E00404368() {
	intOrPtr _t13;
	intOrPtr* _t14;
	int _t18;
	intOrPtr* _t23;
	void* _t25;
	void* _t26;
	void* _t28;
	void* _t31;

	_t28 =  *0x00459A5C;
	while(_t28 != 0x459a58) {
		_t2 = _t28 + 4; // 0x459a58
		VirtualFree(_t28, 0, 0x8000); // executed
		_t28 =  *_t2;
	}
	_t25 = 0x37;
	_t13 = 0x457070;
	do {
		 *((intOrPtr*)(_t13 + 0xc)) = _t13;
		 *((intOrPtr*)(_t13 + 8)) = _t13;
		 *((intOrPtr*)(_t13 + 0x10)) = 1;
		 *((intOrPtr*)(_t13 + 0x14)) = 0;
		_t13 = _t13 + 0x20;
		_t25 = _t25 - 1;
	} while (_t25 != 0);
	 *0x459a58 = 0x459a58;
	 *0x00459A5C = 0x459a58;
	_t26 = 0x400;
	_t23 = 0x459af8;
	do {
		_t14 = _t23;
		 *_t14 = _t14;
		_t8 = _t14 + 4; // 0x459af8
		 *_t8 = _t14;
		_t23 = _t23 + 8;
		_t26 = _t26 - 1;
	} while (_t26 != 0);
	 *0x459a74 = 0;
	E004049AC(0x459a78, 0x80);
	_t18 = 0;
	 *0x459a70 = 0;
	_t31 =  *0x0045BB00;
	while(_t31 != 0x45bafc) {
		_t10 = _t31 + 4; // 0x45bafc
		_t18 = VirtualFree(_t31, 0, 0x8000);
		_t31 =  *_t10;
	}
	 *0x45bafc = 0x45bafc;
	 *0x0045BB00 = 0x45bafc;
	return _t18;
}


                                                                                                                                                APIs
                                                                                                                                                • VirtualFree.KERNEL32(00459A58,00000000,00008000,?,?,?,?,00404468,0040A004,00000000,0040A030), ref: 00404386
                                                                                                                                                • VirtualFree.KERNEL32(0045BAFC,00000000,00008000,00459A58,00000000,00008000,?,?,?,?,00404468,0040A004,00000000,0040A030), ref: 00404402
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                • String ID: ppE
                                                                                                                                                • API String ID: 1263568516-2184805803
                                                                                                                                                • Opcode ID: 5cdf38ba39f976144d6f7f019973d6728aaf33aa9870bfa14787ad1a1d45003d
                                                                                                                                                • Instruction ID: 10aa2548ee9bc9a06b63812ac6b8bfea252c66b3b98f8c12bdde64b062849a02
                                                                                                                                                • Opcode Fuzzy Hash: 5cdf38ba39f976144d6f7f019973d6728aaf33aa9870bfa14787ad1a1d45003d
                                                                                                                                                • Instruction Fuzzy Hash: 45119DB17002008BC7648F189881B1AB6E0E784715F11C47FEA4AEB3C2D778EC028BA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
control_flow_graph (text export of the graph: node id, address range, API call at that node)
• 472: 406810-406812
• 473: 4066a0-4066a4
• 474: 406818-406823 SysAllocStringLen
• 475: 406638-406642
• 476: 406829-406832 SysFreeString
• 477: 4066b4
• 478: 4066a6-4066b3 SysFreeString
• 480: 406654
• 481: 406644-40664e SysAllocStringLen
Edges: 472->473, 472->474, 473->477, 473->478, 474->475, 474->476, 475->480, 475->481, 478->477, 481->475, 481->480
                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                			E00406810(signed char __eax, void* __ecx, void* __edx) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				signed char _v13;
                                                                                                                                                				void* _t5;
                                                                                                                                                				void* _t11;
                                                                                                                                                
                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                					_t11 =  *__eax;
                                                                                                                                                					if(_t11 != 0) {
                                                                                                                                                						 *__eax = 0;
                                                                                                                                                						_push(__eax);
                                                                                                                                                						L004028B4(); // executed
                                                                                                                                                						_t5 = _t11;
                                                                                                                                                						return _t5;
                                                                                                                                                					}
                                                                                                                                                					return __eax;
                                                                                                                                                				} else {
                                                                                                                                                					_push(__eax);
                                                                                                                                                					_push(__ecx);
                                                                                                                                                					L004028A4(); // executed
                                                                                                                                                					__edx = __edx;
                                                                                                                                                					if(__eax == 0) {
                                                                                                                                                						_push(__ecx);
                                                                                                                                                						_v13 = __eax;
                                                                                                                                                						return E00404574(_v13 & 0x000000ff, _v8);
                                                                                                                                                					} else {
                                                                                                                                                						_push( *__edx);
                                                                                                                                                						 *__edx = __eax;
                                                                                                                                                						L004028B4();
                                                                                                                                                						return __eax;
                                                                                                                                                					}
                                                                                                                                                				}
			}

Address column of the listing above: 0x00406812, 0x004066a0, 0x004066a4, 0x004066a6, 0x004066ac, 0x004066ae, 0x004066b3, 0x00000000, 0x004066b3, 0x004066b4, 0x00406818, 0x00406818, 0x00406819, 0x0040681b, 0x00406822, 0x00406823, 0x004045c3, 0x004045c4, 0x004045d5, 0x00406829, 0x00406829, 0x0040682b, 0x0040682d, 0x00406832, 0x00406832, 0x00406823

                                                                                                                                                APIs
                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 004066AE
                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 0040681B
                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0040682D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                • Opcode ID: db766332ce9f273ec9987cf776c4382f70e4ddd3d45879878e2049e4727fe115
                                                                                                                                                • Instruction ID: 2642ebc01637dafa1d7c2b7ed876b8f14acb0351700065ee9e71307833d511a8
                                                                                                                                                • Opcode Fuzzy Hash: db766332ce9f273ec9987cf776c4382f70e4ddd3d45879878e2049e4727fe115
                                                                                                                                                • Instruction Fuzzy Hash: D3E0C2FD102201ADFF093F218D05B372368AF91700B24897FB801BA2C2EA7EC811552C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                			E00450080(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                				char _v5;
                                                                                                                                                				char _v8;
                                                                                                                                                				char _v12;
                                                                                                                                                				char _v28;
                                                                                                                                                				char _v44;
                                                                                                                                                				char _v60;
                                                                                                                                                				void* _t27;
                                                                                                                                                				void* _t71;
                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                				char _t78;
                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                				void* _t93;
                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                				void* _t105;
                                                                                                                                                
                                                                                                                                                				_t105 = __fp0;
                                                                                                                                                				_t94 = __esi;
                                                                                                                                                				_t93 = __edi;
                                                                                                                                                				_t78 = __edx;
                                                                                                                                                				_t97 = _t98;
                                                                                                                                                				_t73 = 6;
                                                                                                                                                				do {
                                                                                                                                                					_push(0);
                                                                                                                                                					_push(0);
                                                                                                                                                					_t73 = _t73 - 1;
                                                                                                                                                				} while (_t73 != 0);
                                                                                                                                                				_push(_t73);
                                                                                                                                                				_t1 =  &_v8;
                                                                                                                                                				_t74 =  *_t1;
                                                                                                                                                				 *_t1 = _t73;
                                                                                                                                                				_push(__esi);
                                                                                                                                                				_t103 = __edx;
                                                                                                                                                				if(__edx != 0) {
                                                                                                                                                					_t98 = _t98 + 0xfffffff0;
                                                                                                                                                					_t27 = E0040538C(_t27, _t97);
                                                                                                                                                				}
                                                                                                                                                				_v5 = _t78;
                                                                                                                                                				_t71 = _t27;
                                                                                                                                                				_push(_t97);
                                                                                                                                                				_push(0x4501dc);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t98;
                                                                                                                                                				E00442EE4(_t74, 0);
                                                                                                                                                				E00448BD0(L"Scripting.FileSystemObject", _t71,  &_v12, _t93, _t94, _t103); // executed
                                                                                                                                                				_t6 = _t71 + 0x68; // 0x68
                                                                                                                                                				E004297D4(_t6, _v12);
                                                                                                                                                				_t7 = _t71 + 0x68; // 0x68
                                                                                                                                                				E00423A90( &_v28, _t7, 0x450248, 0);
                                                                                                                                                				_t10 = _t71 + 0x78; // 0x78
                                                                                                                                                				E0042990C(_t10, _t71,  &_v28, _t93, _t94, _t105);
                                                                                                                                                				_t11 = _t71 + 0x68; // 0x68
                                                                                                                                                				E00423A90( &_v44, _t11, 0x450248, 1);
                                                                                                                                                				_t14 = _t71 + 0x88; // 0x88
                                                                                                                                                				E0042990C(_t14, _t71,  &_v44, _t93, _t94, _t105);
                                                                                                                                                				_t15 = _t71 + 0x68; // 0x68
                                                                                                                                                				E00423A90( &_v60, _t15, 0x450248, 2);
                                                                                                                                                				_t18 = _t71 + 0x98; // 0x98
                                                                                                                                                				E0042990C(_t18, _t71,  &_v60, _t93, _t94, _t105);
                                                                                                                                                				 *((intOrPtr*)(_t71 + 0x40)) = E0044A6B4(1);
                                                                                                                                                				 *((intOrPtr*)(_t71 + 0x44)) = E00449CB4(1);
                                                                                                                                                				E00449D5C(0);
                                                                                                                                                				_t21 = _t71 + 0x44; // 0xa0000
                                                                                                                                                				E00449D70( *_t21, 0);
                                                                                                                                                				_t22 = _t71 + 0x44; // 0xa0000
                                                                                                                                                				E00449D94( *_t22, E0044FC94, _t71);
                                                                                                                                                				 *((intOrPtr*)(_t71 + 0x50)) = E0044AE3C(1);
                                                                                                                                                				 *((intOrPtr*)(_t71 + 0x4c)) = E0044AD04(1);
                                                                                                                                                				 *0x45e000 = CreateEventW(0, 0, 0, 0);
                                                                                                                                                				_pop(_t91);
                                                                                                                                                				 *[fs:eax] = _t91;
                                                                                                                                                				_push(E004501E3);
                                                                                                                                                				_t92 =  *0x401290; // 0x401294
                                                                                                                                                				E00407A34( &_v60, 3, _t92);
                                                                                                                                                				return E00409938( &_v12);
			}

Address column of the listing above (continues on the next page): 0x00450080, 0x00450080, 0x00450080, 0x00450080, 0x00450081, 0x00450084, 0x00450089, 0x00450089, 0x0045008b, 0x0045008d, 0x0045008d, 0x00450090, 0x00450091, 0x00450091, 0x00450091, 0x00450095, 0x00450096, 0x00450098, 0x0045009a, 0x0045009d, 0x0045009d, 0x004500a2, 0x004500a5, 0x004500a9, 0x004500aa, 0x004500af, 0x004500b2
                                                                                                                                                0x004500b9
                                                                                                                                                0x004500c6
                                                                                                                                                0x004500ce
                                                                                                                                                0x004500d1
                                                                                                                                                0x004500dd
                                                                                                                                                0x004500e5
                                                                                                                                                0x004500f0
                                                                                                                                                0x004500f3
                                                                                                                                                0x004500ff
                                                                                                                                                0x00450107
                                                                                                                                                0x00450112
                                                                                                                                                0x00450118
                                                                                                                                                0x00450124
                                                                                                                                                0x0045012c
                                                                                                                                                0x00450137
                                                                                                                                                0x0045013d
                                                                                                                                                0x0045014e
                                                                                                                                                0x0045015f
                                                                                                                                                0x00450166
                                                                                                                                                0x0045016b
                                                                                                                                                0x00450170
                                                                                                                                                0x0045017b
                                                                                                                                                0x0045017e
                                                                                                                                                0x0045018f
                                                                                                                                                0x0045019e
                                                                                                                                                0x004501ae
                                                                                                                                                0x004501b5
                                                                                                                                                0x004501b8
                                                                                                                                                0x004501bb
                                                                                                                                                0x004501c3
                                                                                                                                                0x004501ce
                                                                                                                                                0x004501db

                                                                                                                                                APIs
                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,0044FC94,0044FB68), ref: 004501A9
                                                                                                                                                Strings
                                                                                                                                                • Scripting.FileSystemObject, xrefs: 004500C1
                                                                                                                                                Memory Dump Source
                                                                                                                                                 • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateEvent
                                                                                                                                                • String ID: Scripting.FileSystemObject
                                                                                                                                                • API String ID: 2692171526-2434688496
                                                                                                                                                • Opcode ID: de67e5983d79fa7573055ca2543268dc0fb5d0574171572c42a9ebcb01e43e7c
                                                                                                                                                • Instruction ID: 0ab13f544ed766fe1b184997f31bd472f195ab01593ceabb986f56eac18b521e
                                                                                                                                                • Opcode Fuzzy Hash: de67e5983d79fa7573055ca2543268dc0fb5d0574171572c42a9ebcb01e43e7c
                                                                                                                                                • Instruction Fuzzy Hash: BC419A75A402086BDB00FF65DC82F9E37B9EB04708F40447BF9049B297E679AD49C759
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                 Control-flow graph (image not included): block 44c424-44c477 (GetModuleFileNameW, call 4067e0, call 44c2b0) branches to block 44c479-44c47e (call 406a38) or directly to block 44c483-44c498 (call 406658); block 44c479-44c47e falls through to block 44c483-44c498.
                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                			E0044C424(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                				char _v8;
                                                                                                                                                				short _v532;
                                                                                                                                                				struct HINSTANCE__* _t11;
                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                				void* _t36;
                                                                                                                                                				void* _t38;
                                                                                                                                                
                                                                                                                                                				_t38 = __eflags;
                                                                                                                                                				_v8 = 0;
                                                                                                                                                				_t23 = __eax;
                                                                                                                                                				_push(_t36);
                                                                                                                                                				_push(0x44c499);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t36 + 0xfffffdf0;
                                                                                                                                                				_t11 =  *0x45bc50; // 0x400000
                                                                                                                                                				E004067E0(_t23, GetModuleFileNameW(_t11,  &_v532, 0x106),  &_v532, _t38);
                                                                                                                                                				E0044C2B0( *_t23, _t23,  &_v8, __edi, __esi); // executed
                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                					E00406A38(_t23, _v8);
                                                                                                                                                				}
                                                                                                                                                				_pop(_t30);
                                                                                                                                                				 *[fs:eax] = _t30;
                                                                                                                                                				_push(0x44c4a0);
                                                                                                                                                				return E00406658( &_v8);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(MZP,?,00000106,00000000,0044C499), ref: 0044C455
                                                                                                                                                  • Part of subcall function 0044C2B0: GetLongPathNameW.KERNELBASE(00000000,00000000,00000104), ref: 0044C316
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                 • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Name$FileLongModulePath
                                                                                                                                                • String ID: MZP
                                                                                                                                                • API String ID: 3672691952-2889622443
                                                                                                                                                • Opcode ID: 528d1efe4b0c3648162eaacf6b725be459861dedf602f8dd525d78cb03bfc481
                                                                                                                                                • Instruction ID: 1830416ca980862735ecbad21ad03917ea3d1541390be3cecf581fe64c89e466
                                                                                                                                                • Opcode Fuzzy Hash: 528d1efe4b0c3648162eaacf6b725be459861dedf602f8dd525d78cb03bfc481
                                                                                                                                                • Instruction Fuzzy Hash: FEF0A971600308ABD711EFA5CD9299DB3F9EB48304F5584BAF404D3291EBB89E148A58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                			E004095E0(intOrPtr __eax, void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				char _v16;
                                                                                                                                                				char _v20;
                                                                                                                                                				char _v24;
                                                                                                                                                				char _v28;
                                                                                                                                                				signed int _t37;
                                                                                                                                                				signed short _t39;
                                                                                                                                                				signed short _t42;
                                                                                                                                                				signed int _t59;
                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed int* _t81;
                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                
                                                                                                                                                				_t79 = __edi;
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(0);
                                                                                                                                                				_push(__ebx);
                                                                                                                                                				_push(__esi);
                                                                                                                                                				_t81 = __ecx;
                                                                                                                                                				_v12 = __edx;
                                                                                                                                                				_v8 = __eax;
                                                                                                                                                				E0040673C(_v8);
                                                                                                                                                				E0040673C(_v12);
                                                                                                                                                				_push(_t84);
                                                                                                                                                				_push(0x4096ed);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t84;
                                                                                                                                                				E00406658(__ecx);
                                                                                                                                                				E00406A80( &_v20, _v12);
                                                                                                                                                				_t37 = _v12;
                                                                                                                                                				if(_t37 != 0) {
                                                                                                                                                					_t37 =  *(_t37 - 4);
                                                                                                                                                				}
                                                                                                                                                				_t59 = _t37;
                                                                                                                                                				if(_t59 < 1) {
                                                                                                                                                					L6:
                                                                                                                                                					_t39 = E00409328(_v8, _t59,  &_v16, _t81); // executed
                                                                                                                                                					_t89 = _v16;
                                                                                                                                                					if(_v16 == 0) {
                                                                                                                                                						L00402834();
                                                                                                                                                						E00408CD4(_t39, _t59,  &_v24, _t79, _t81);
                                                                                                                                                						_t42 = E00409448(_v20, _t59, _t81, _v24, _t79, _t81, __eflags); // executed
                                                                                                                                                						__eflags =  *_t81;
                                                                                                                                                						if( *_t81 == 0) {
                                                                                                                                                							__eflags =  *0x45bb84;
                                                                                                                                                							if( *0x45bb84 == 0) {
                                                                                                                                                								L0040283C();
                                                                                                                                                								E00408CD4(_t42, _t59,  &_v28, _t79, _t81);
                                                                                                                                                								E00409448(_v20, _t59, _t81, _v28, _t79, _t81, __eflags);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *_t81;
                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                							E00409514(_v20, _t59, _t81, __eflags); // executed
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						E00409448(_v20, _t59, _t81, _v16, _t79, _t81, _t89);
                                                                                                                                                					}
                                                                                                                                                					_pop(_t72);
                                                                                                                                                					 *[fs:eax] = _t72;
                                                                                                                                                					_push(E004096F4);
                                                                                                                                                					return E004066B8( &_v28, 6);
                                                                                                                                                				} else {
                                                                                                                                                					while( *((short*)(_v12 + _t59 * 2 - 2)) != 0x2e) {
                                                                                                                                                						_t59 = _t59 - 1;
                                                                                                                                                						__eflags = _t59;
                                                                                                                                                						if(_t59 != 0) {
                                                                                                                                                							continue;
                                                                                                                                                						}
                                                                                                                                                						goto L6;
                                                                                                                                                					}
                                                                                                                                                					E0040766C(_v12, _t59, 1,  &_v20);
                                                                                                                                                					goto L6;
                                                                                                                                                				}
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetUserDefaultUILanguage.KERNEL32(00000000,004096ED,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00409776,00000000,?,00000105), ref: 00409681
                                                                                                                                                • GetSystemDefaultUILanguage.KERNEL32(00000000,004096ED,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00409776,00000000,?,00000105), ref: 004096A9
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DefaultLanguage$SystemUser
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 384301227-0
                                                                                                                                                • Opcode ID: 6ba0054865e58355b2eea97109376d2aa861e19a8b7537488c1daa753bdf125b
                                                                                                                                                • Instruction ID: 42ebf1e3cc6dcf26d29af582ba43da463ddc2d2e573697f932f33c4290274d02
                                                                                                                                                • Opcode Fuzzy Hash: 6ba0054865e58355b2eea97109376d2aa861e19a8b7537488c1daa753bdf125b
                                                                                                                                                • Instruction Fuzzy Hash: AE315270A042099FDB10EB99C892AAEB7B5EF44308F51497BE401B33D2DB79AD41CB59
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                			E004096FC(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                				char _v8;
                                                                                                                                                				short _v530;
                                                                                                                                                				char _v536;
                                                                                                                                                				char _v540;
                                                                                                                                                				void* _t44;
                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                				void* _t49;
                                                                                                                                                				void* _t52;
                                                                                                                                                
                                                                                                                                                				_v536 = 0;
                                                                                                                                                				_v540 = 0;
                                                                                                                                                				_v8 = 0;
                                                                                                                                                				_t49 = __eax;
                                                                                                                                                				_push(_t52);
                                                                                                                                                				_push(0x4097b6);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t52 + 0xfffffde8;
                                                                                                                                                				GetModuleFileNameW(0,  &_v530, 0x105);
                                                                                                                                                				E00407310( &_v536, _t49);
                                                                                                                                                				_push(_v536);
                                                                                                                                                				E0040734C( &_v540, 0x105,  &_v530);
                                                                                                                                                				_pop(_t44); // executed
                                                                                                                                                				E004095E0(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                					LoadLibraryExW(E004072B8(_v8), 0, 2);
                                                                                                                                                				}
                                                                                                                                                				_pop(_t45);
                                                                                                                                                				 *[fs:eax] = _t45;
                                                                                                                                                				_push(E004097BD);
                                                                                                                                                				E004066B8( &_v540, 2);
                                                                                                                                                				return E00406658( &_v8);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409738
                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409789
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileLibraryLoadModuleName
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1159719554-0
                                                                                                                                                • Opcode ID: 5166978d0c5f05ac38765cac7b362ead30ae45786ff0bcea0a08f45877b0b9c3
                                                                                                                                                • Instruction ID: e60c8658266e1a27dc7f5ea87d3cd7fb21265d5796a0d569f42016b7ea9c892e
                                                                                                                                                • Opcode Fuzzy Hash: 5166978d0c5f05ac38765cac7b362ead30ae45786ff0bcea0a08f45877b0b9c3
                                                                                                                                                • Instruction Fuzzy Hash: 0A116D71A4421C9ADB14EE61CC86BDEB3A8DB08304F5144BBE508A32C1DA785E808AA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

C-Code - Quality: 34%
Address     C-Code
            E00420640(void* __eax, void* __ebx, int __edx) {
                struct HINSTANCE__* _v12;
                int _v16;
                int _t4;
                void* _t12;
                intOrPtr _t16;
                void* _t18;
                void* _t19;
                intOrPtr _t20;

0x00420641      _t18 = _t19;
0x00420643      _t20 = _t19 + 0xfffffff4;
0x00420647      _t12 = __eax;
0x0042064a      _t4 = SetErrorMode(__edx); // executed
0x0042064f      _v16 = _t4;
0x00420654      _push(_t18);
0x00420655      _push(0x4206b2);
0x0042065a      _push( *[fs:eax]);
0x0042065d      *[fs:eax] = _t20;
0x00420660      asm("fnstcw word [ebp-0x2]");
0x00420665      _push(_t18);
0x00420666      _push(0x420694);
0x0042066b      _push( *[fs:eax]);
0x0042066e      *[fs:eax] = _t20;
0x0042067e      _v12 = LoadLibraryW(E004072B8(_t12));
0x00420683      _pop(_t16);
0x00420686      *[fs:eax] = _t16;
0x00420689      _push(0x42069b);
0x0042068e      asm("fclex");
0x00420690      asm("fldcw word [ebp-0x2]");
0x00420693      return 0;
            }

APIs
• SetErrorMode.KERNEL32 ref: 0042064A
• LoadLibraryW.KERNEL32(00000000,00000000,00420694,?,00000000,004206B2), ref: 00420679
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: ErrorLibraryLoadMode
• String ID:
• API String ID: 2987862817-0
• Opcode ID: 5ca7b46530dd9215fbd2eb68cd4adec72eac62847d82a3fe0e8f106b2a3a9c97
• Instruction ID: 309c7d9f6b8318d75b087537756fcf0a4ccf38c35ef8f4b5dbcdf766dac486e4
• Opcode Fuzzy Hash: 5ca7b46530dd9215fbd2eb68cd4adec72eac62847d82a3fe0e8f106b2a3a9c97
• Instruction Fuzzy Hash: 7CF089707147047FDB115F769C5281A76ECD74EB047D348B5F814A2A91E53C58208569
Uniqueness
Uniqueness Score: -1.00%
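
Reading the two "APIs" lists above together: the first function calls GetModuleFileNameW and then LoadLibraryExW with dwFlags 00000002, which is LOAD_LIBRARY_AS_DATAFILE, so whatever file it names is mapped for resource access and its entry point is never executed; the second wraps LoadLibraryW in SetErrorMode (suppresses the loader's error dialog when the module is missing) and an fnstcw/fldcw pair (preserves the x87 control word across the load), and that load does run the target's DllMain. The path arguments are shown as 00000000, i.e. not recovered statically, so the target of either load cannot be confirmed from the listing alone. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses API lines in this report's format into structured calls, decodes LoadLibraryEx flags (values from winbase.h) and reports whether each load executes code. The four input lines are copied verbatim from the listings above; the pairing of a GetModuleFileName(hModule=0) call with the next LoadLibraryEx at a higher address is my heuristic, not something the report states.

```python
"""Parse the "APIs" lines of a Joe Sandbox function listing and classify library loads.

Added example: not part of the report or of the analysed sample. Runs offline.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: the API lines from the two listings above, copied verbatim.
SAMPLE_API_LINES = [
    "GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409738",
    "LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409789",
    "SetErrorMode.KERNEL32 ref: 0042064A",
    "LoadLibraryW.KERNEL32(00000000,00000000,00420694,?,00000000,004206B2), ref: 00420679",
]

# LoadLibraryEx dwFlags bits (winbase.h).
LOAD_LIBRARY_FLAGS = {
    0x00000001: "DONT_RESOLVE_DLL_REFERENCES",
    0x00000002: "LOAD_LIBRARY_AS_DATAFILE",
    0x00000008: "LOAD_WITH_ALTERED_SEARCH_PATH",
    0x00000010: "LOAD_IGNORE_CODE_AUTHZ_LEVEL",
    0x00000020: "LOAD_LIBRARY_AS_IMAGE_RESOURCE",
    0x00000040: "LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE",
    0x00000080: "LOAD_LIBRARY_REQUIRE_SIGNED_TARGET",
    0x00000100: "LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR",
    0x00000200: "LOAD_LIBRARY_SEARCH_APPLICATION_DIR",
    0x00000400: "LOAD_LIBRARY_SEARCH_USER_DIRS",
    0x00000800: "LOAD_LIBRARY_SEARCH_SYSTEM32",
    0x00001000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
    0x00002000: "LOAD_LIBRARY_SAFE_CURRENT_DIRS",
}
# With any of these set the loader maps the file but never calls its entry point.
NO_ENTRY_POINT = 0x00000001 | 0x00000002 | 0x00000020 | 0x00000040

API_LINE_RE = re.compile(
    r"^(?P<fn>\w+)\.(?P<mod>\w+)"        # LoadLibraryExW.KERNEL32
    r"(?:\((?P<args>[^)]*)\))?"         # optional (hex,hex,?,...) stack snapshot
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    function: str
    module: str
    args: list = field(default_factory=list)  # int per slot, None where the report shows '?'
    ref: int = 0                              # address of the call site


def parse_api_line(line: str) -> ApiCall:
    """Turn one 'Fn.MODULE(args), ref: addr' line into an ApiCall."""
    m = API_LINE_RE.match(line.strip().lstrip("• ").strip())
    if m is None:
        raise ValueError(f"not an API line: {line!r}")
    args = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    return ApiCall(m.group("fn"), m.group("mod"), args, int(m.group("ref"), 16))


def decode_load_flags(flags: int) -> list:
    """Name every set bit of a LoadLibraryEx dwFlags value, lowest bit first."""
    names = []
    for bit, name in sorted(LOAD_LIBRARY_FLAGS.items()):
        if flags & bit:
            names.append(name)
            flags &= ~bit
    if flags:
        names.append(f"UNKNOWN(0x{flags:08x})")
    return names


def describe_library_load(call: ApiCall) -> Optional[dict]:
    """Say whether a LoadLibrary* call executes the target's entry point; None for other APIs."""
    if call.function in ("LoadLibraryA", "LoadLibraryW"):
        return {"function": call.function, "ref": call.ref, "flags": [], "runs_entry_point": True}
    if call.function in ("LoadLibraryExA", "LoadLibraryExW"):
        dw = call.args[2] if len(call.args) > 2 else None   # (lpLibFileName, hFile, dwFlags)
        if dw is None:
            return {"function": call.function, "ref": call.ref, "flags": None, "runs_entry_point": None}
        return {"function": call.function, "ref": call.ref,
                "flags": decode_load_flags(dw),
                "runs_entry_point": not (dw & NO_ENTRY_POINT)}
    return None


def analyze(lines) -> list:
    """Classify the library loads in call-address order.

    Heuristic (my assumption, not stated by the report): a GetModuleFileName with
    hModule shown as 0 is taken as the path source of the next LoadLibraryEx at a
    higher address, because the path pointer itself is only shown as 00000000.
    """
    calls = sorted((parse_api_line(l) for l in lines), key=lambda c: c.ref)
    own_path_ref = None
    result = []
    for c in calls:
        if c.function in ("GetModuleFileNameA", "GetModuleFileNameW") and c.args[:1] == [0]:
            own_path_ref = c.ref
        d = describe_library_load(c)
        if d is None:
            continue
        d["path_source"] = None
        if c.function.startswith("LoadLibraryEx") and own_path_ref is not None:
            d["path_source"] = own_path_ref   # address of the pairing GetModuleFileName call
            own_path_ref = None
        result.append(d)
    return result


if __name__ == "__main__":
    for entry in analyze(SAMPLE_API_LINES):
        print(entry)
```

analyze(SAMPLE_API_LINES) returns the two loads in address order: the LoadLibraryExW at 0x00409789 with flags ["LOAD_LIBRARY_AS_DATAFILE"] and runs_entry_point False, paired with the GetModuleFileNameW at 0x00409738, and the LoadLibraryW at 0x00420679 with runs_entry_point True. Feeding it the "APIs" lists of other functions in the report separates resource-only loads from loads that execute code, which the signature list at the top of the report does not distinguish.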

C-Code - Quality: 80%
Address     C-Code
            E00406AAC(signed char __eax, void* __edx) {
                intOrPtr _v12;
                signed char _v17;

0x00406aac      _t5 = __eax;
0x00406aae      if( *__eax == __edx) {
0x00406ad3          L9:
0x00406ad3          return _t5;
0x00406ab0      } else {
0x00406ab2          if(__edx == 0) {
0x004066a0              L3:
0x004066a0              __edx =  *__eax;
0x004066a4              if(__edx != 0) {
0x004066a6                  *__eax = 0;
0x004066ac                  _push(__eax);
0x004066ae                  L004028B4(); // executed
0x004066b3                  __eax = __edx;
0x00000000                  return __eax;
0x004066b3              }
0x004066b4              return __eax;
0x00406ab8          } else {
0x00406ab8              __ecx =  *(__edx - 4);
0x00406abb              __ecx =  *(__edx - 4) >> 1;
0x00406abd              if(__ecx == 0) {
0x00000000                  goto L3;
0x00406ac3              } else {
0x00406ac3                  _push(__ecx);
0x00406ac4                  _push(__edx);
0x00406ac5                  _push(__eax); // executed
0x00406ac6                  L004028AC(); // executed
0x00406acd                  if(__eax == 0) {
0x004045c4                      _v17 = __eax;
0x004045d5                      return E00404574(_v17 & 0x000000ff, _v12);
0x00000000                  } else {
0x00000000                      goto L9;
0x00000000                  }
0x00406acd              }
0x00406abd          }
0x00406ab2      }
            }

APIs
• SysFreeString.OLEAUT32(00000000), ref: 004066AE
• SysReAllocStringLen.OLEAUT32(?,?,00000000), ref: 00406AC6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                • Opcode ID: fbb5440a405564b1febbbc9c76abef2419cfa5aec32665bdebadc9f204d94c53
                                                                                                                                                • Instruction ID: d96fdb27bd1c77e601416639931913681c1f52c112c957c7a82c24250a1c41fc
                                                                                                                                                • Opcode Fuzzy Hash: fbb5440a405564b1febbbc9c76abef2419cfa5aec32665bdebadc9f204d94c53
                                                                                                                                                • Instruction Fuzzy Hash: 32E086B8100101AEEE146E15891573332699BD1700B6ECA7F64037B3C5EA7E9C10CA6C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00448990: CLSIDFromProgID.OLE32(00000000,?,00000000,004489DD,?,?,?,00000000,?,00448C0A,00000000,00448C33,?,00000000,00448CA5), ref: 004489BD
                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,00448CB4,00000000,00000000,00448C33,?,00000000,00448CA5,?,?,?,0044FB68), ref: 00448C1F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateFromInstanceProg
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2151042543-0
                                                                                                                                                • Opcode ID: 9731af81e054f6454e1c1f04a5a95415d00590e4286a04fab8ef8a7e585b457d
                                                                                                                                                • Instruction ID: b9daa7b3555414ee3cb6f2a20e583f4b7be5158efbeae5a2658dde894f92c329
                                                                                                                                                • Opcode Fuzzy Hash: 9731af81e054f6454e1c1f04a5a95415d00590e4286a04fab8ef8a7e585b457d
                                                                                                                                                • Instruction Fuzzy Hash: 4101F771208B046EF705EF61DC53A6E77ACE749700F61483EF900E2680EE385910C479
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
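The function records in this part of the report (API call lines with `ref:` addresses, an optional "Part of subcall function" prefix, the `Source File` / `Associated` dump names, and the API/opcode/instruction identifiers) follow a fixed text layout that is worth parsing when triaging many samples, for instance to list which dumped regions were executable and which API calls are reached through a subcall. The Python below is an added example, not code from the Joe Sandbox report or its IDA plugin. The field layout of the `.sdmp` names (process, dump, sequence, base address, page protection, region type) is an assumption inferred from the names on this page; the page-protection values are decoded with the standard Windows `PAGE_*` constants, and the sixth field is kept raw. The sample input is copied from the CoCreateInstance record above, with the associated-dump list shortened.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Windows PAGE_* constants (winnt.h); assumed to be what the fifth .sdmp field holds.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# "• Name.MODULE(arg,arg,...), ref: ADDR", optionally prefixed with the subcall note.
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>[\w.]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
# Assumed layout: <proc>.<dump>.<seq>.<base address>.<page protection>.<region type>.sdmp
DUMP_RE = re.compile(
    r"(?P<proc>\d{8})\.(?P<dump>\d{8})\.(?P<seq>\d+)\.(?P<base>[0-9A-Fa-f]{16})"
    r"\.(?P<prot>[0-9A-Fa-f]{8})\.(?P<rtype>[0-9A-Fa-f]{8})\.sdmp"
)
META_RE = re.compile(
    r"•\s*(API ID|API String ID|Opcode ID|Instruction ID|"
    r"Opcode Fuzzy Hash|Instruction Fuzzy Hash):\s*(\S+)"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int               # address of the call instruction
    caller: Optional[int]  # subcall function address when the call is indirect


@dataclass
class DumpRegion:
    base: int
    protection: str
    region_type: int       # sixth field, kept raw (not decoded here)


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    source: Optional[DumpRegion] = None
    associated: List[DumpRegion] = field(default_factory=list)
    meta: dict = field(default_factory=dict)


def parse_dump_name(text: str) -> DumpRegion:
    m = DUMP_RE.search(text)
    if m is None:
        raise ValueError(f"no .sdmp name in {text!r}")
    prot = int(m["prot"], 16)
    return DumpRegion(int(m["base"], 16), PAGE_PROTECTION.get(prot, hex(prot)),
                      int(m["rtype"], 16))


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_RE.search(line)
    if m is None:
        return None
    args = [a.strip() for a in m["args"].split(",") if a.strip()]
    caller = int(m["caller"], 16) if m["caller"] else None
    return ApiCall(m["name"], m["module"], args, int(m["ref"], 16), caller)


def parse_records(report: str) -> List[FunctionRecord]:
    """Start a new record at each 'APIs' header and fill it from the lines that follow."""
    records: List[FunctionRecord] = []
    for raw in report.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FunctionRecord())
            continue
        if not records:
            continue
        rec = records[-1]
        if (call := parse_api_line(line)):
            rec.apis.append(call)
        elif line.startswith("• Source File:"):
            rec.source = parse_dump_name(line)
        elif line.startswith("• Associated:"):
            rec.associated.append(parse_dump_name(line))
        elif (m := META_RE.search(line)):
            rec.meta[m.group(1)] = m.group(2)
    return records


def executable_regions(rec: FunctionRecord) -> List[int]:
    """Base addresses of dumped regions that were executable when dumped."""
    regions = ([rec.source] if rec.source else []) + rec.associated
    return sorted(r.base for r in regions if r.protection.startswith("PAGE_EXECUTE"))


# Sample input copied from the CoCreateInstance record above (associated list shortened).
SAMPLE = """
APIs
  • Part of subcall function 00448990: CLSIDFromProgID.OLE32(00000000,?,00000000,004489DD,?,?,?,00000000,?,00448C0A,00000000,00448C33,?,00000000,00448CA5), ref: 004489BD
• CoCreateInstance.OLE32(?,00000000,00000005,00448CB4,00000000,00000000,00448C33,?,00000000,00448CA5,?,?,?,0044FB68), ref: 00448C1F
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp Download File
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
• API ID: CreateFromInstanceProg
• Opcode ID: 9731af81e054f6454e1c1f04a5a95415d00590e4286a04fab8ef8a7e585b457d
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        for c in rec.apis:
            print(f"{c.ref:08x} {c.module}!{c.name} args={len(c.args)} caller={c.caller}")
        print("executable regions:", [hex(b) for b in executable_regions(rec)])
```

The 0x20 protection on the 0x401000 and 0x412000 dumps (the code pages) versus 0x02 on the 0x400000 header page and 0x04/0x08 on the data pages is what makes the "based on PE: true" source a normal image layout; a region that parses as executable and writable at once would be the one to look at first when the report flags section-rights changes, as this one does.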

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 716092398-0
                                                                                                                                                • Opcode ID: 893f983764a3cc64349f01b41a8bd47decfa517091847523070a1a10c671aacf
                                                                                                                                                • Instruction ID: 0e9b3bbd3876f280457851ff45a5bc0c264aa060def781ed6bc042dc26fb0187
                                                                                                                                                • Opcode Fuzzy Hash: 893f983764a3cc64349f01b41a8bd47decfa517091847523070a1a10c671aacf
                                                                                                                                                • Instruction Fuzzy Hash: F3F07FB6600158AF9B84DE9DDD81E9B77ECEB8C664B05412ABA08E3241D674ED108BA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0044C424: GetModuleFileNameW.KERNEL32(MZP,?,00000106,00000000,0044C499), ref: 0044C455
                                                                                                                                                  • Part of subcall function 0044C508: LoadTypeLibEx.OLEAUT32(00000000,00000002,00000000), ref: 0044C53E
                                                                                                                                                • InterlockedExchange.KERNEL32(00000000,?), ref: 0044CE04
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExchangeFileInterlockedLoadModuleNameType
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2952622022-0
                                                                                                                                                • Opcode ID: dce050dca76b9641de69783cd2729fe9c765bf0158edea4f7d86ce9f7d4fae44
                                                                                                                                                • Instruction ID: 4c979b793f5cd67335d079554131f2a4b35528bd2b7daeccac37a0b7c77109e9
                                                                                                                                                • Opcode Fuzzy Hash: dce050dca76b9641de69783cd2729fe9c765bf0158edea4f7d86ce9f7d4fae44
                                                                                                                                                • Instruction Fuzzy Hash: 56F04431501248AFEB50EF52CC92B9DB7E8EB04714F6544B6E504A7551D7786E04CA94
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • LoadTypeLibEx.OLEAUT32(00000000,00000002,00000000), ref: 0044C53E
                                                                                                                                                  • Part of subcall function 004066A0: SysFreeString.OLEAUT32(00000000), ref: 004066AE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeLoadStringType
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1535477946-0
                                                                                                                                                • Opcode ID: ead050abda8437752e4abc7fdf852a3732b875513417b9d3c48024a6f41cf680
                                                                                                                                                • Instruction ID: dcbe22b312051902b627a34b7e3c20d38e3fd46bd02eac93b6afdef2bcb78b50
                                                                                                                                                • Opcode Fuzzy Hash: ead050abda8437752e4abc7fdf852a3732b875513417b9d3c48024a6f41cf680
                                                                                                                                                • Instruction Fuzzy Hash: 8CF0A0717047087BE711EB668C43A6D73DCDB48B18FA1487AB900E2682DA7CAE10946A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000001,00000000,0044FB68,00000000,?,?,?,00000001,00000000,0041951A,00000000,0041954A,?,?,0044FBE0), ref: 0041896B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CompareString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1825529933-0
                                                                                                                                                • Opcode ID: 96742ad55efcbeea9274bc45fdfe921c839fa205ecd8e5ebb7d96b6198e24fb1
                                                                                                                                                • Instruction ID: 91a36842b454e0dda9006ea28d2feaafa38ae5742450e61239df231b6e527677
                                                                                                                                                • Opcode Fuzzy Hash: 96742ad55efcbeea9274bc45fdfe921c839fa205ecd8e5ebb7d96b6198e24fb1
                                                                                                                                                • Instruction Fuzzy Hash: 3EE092B3B0132927E52064AE5C81E77A64C8B85765B05027EFE04B7245C955AC0141B5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,004336F8,0043D155,00000000,0043D23C,?,?,004336F8), ref: 004196F1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateFile
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                • Opcode ID: 874151b45f31b1497d68f1e3f0381d5f648aa1c67bb36e0ea27544d7203e4480
                                                                                                                                                • Instruction ID: bacbed10faa9c712f3c82f561271e4f885ecadc4ebf0ad3707ebc717ea8259ec
                                                                                                                                                • Opcode Fuzzy Hash: 874151b45f31b1497d68f1e3f0381d5f648aa1c67bb36e0ea27544d7203e4480
                                                                                                                                                • Instruction Fuzzy Hash: 10E0D8A3B0051426F22069AD9C91F57524C8741775F060236FF50EB2D2C858DC0082E9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CLSIDFromProgID.OLE32(00000000,?,00000000,004489DD,?,?,?,00000000,?,00448C0A,00000000,00448C33,?,00000000,00448CA5), ref: 004489BD
                                                                                                                                                  • Part of subcall function 004066A0: SysFreeString.OLEAUT32(00000000), ref: 004066AE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeFromProgString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4225568880-0
                                                                                                                                                • Opcode ID: c040f8ddf73383cfb45d10cbde4b339751bb433e0ee7519d9c788b154b0594a9
                                                                                                                                                • Instruction ID: d24566f821b531a7c0f657e5094b622ab27b0a39e32ee872925123c8968e9668
                                                                                                                                                • Opcode Fuzzy Hash: c040f8ddf73383cfb45d10cbde4b339751bb433e0ee7519d9c788b154b0594a9
                                                                                                                                                • Instruction Fuzzy Hash: B4E0E5B16046047FE700EB72CC43D6E77DCDB49714B61087BF900A2681D93CAD10946D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 004084D6
                                                                                                                                                  • Part of subcall function 004096FC: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409738
                                                                                                                                                  • Part of subcall function 004096FC: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,004097B6,?,?,00000000), ref: 00409789
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileModuleName$LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4113206344-0
                                                                                                                                                • Opcode ID: 726082db263f3aef730a60029177e3f16da6ba7c0bbeca0ef25bfe12156f950d
                                                                                                                                                • Instruction ID: 84a50274850c95b4fc87c18cfcdc9180fa5da4c171fbecd4e53eb16d17106fab
                                                                                                                                                • Opcode Fuzzy Hash: 726082db263f3aef730a60029177e3f16da6ba7c0bbeca0ef25bfe12156f950d
                                                                                                                                                • Instruction Fuzzy Hash: 34E06DB1A003108BCF10DE5CC9C5A4333D8AB08714F00496AAC54DF387E775DD1087E9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • SysAllocStringLen.OLEAUT32(?,00000000), ref: 0040676A
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2525500382-0
                                                                                                                                                • Opcode ID: 5f293853e579235df59ddffc3cbd8cfeaf861dff443e9f7eaa5e4097a6389a0d
                                                                                                                                                • Instruction ID: 7c190c308cff0dc503c60dfeb07588169fff2f6a40eec2b029ac594f9979db96
                                                                                                                                                • Opcode Fuzzy Hash: 5f293853e579235df59ddffc3cbd8cfeaf861dff443e9f7eaa5e4097a6389a0d
                                                                                                                                                • Instruction Fuzzy Hash: 4AD023F41001025EE7044E2C854093B73655FD1300314C37E60036F2C0EB39C402D724
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 004066AE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3341692771-0
                                                                                                                                                • Opcode ID: a96d3c20b4833c09fa3b6750171d0cb23c67ce649bde5ef5ce66f0d82a468a31
                                                                                                                                                • Instruction ID: c502c5c1cef0633c5af99a67c5ba2c6b5651eed214efe9880cf31f798dc04ea7
                                                                                                                                                • Opcode Fuzzy Hash: a96d3c20b4833c09fa3b6750171d0cb23c67ce649bde5ef5ce66f0d82a468a31
                                                                                                                                                • Instruction Fuzzy Hash: 16B092F91012009EFA15AB118851B23327AABD1710F39C9AEA800AA29ADB7998409668
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00449B38,00000000,?,004444E7,0044FB68,?,00000000,00400000,00000000,00000000,00000000), ref: 004442D2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                • Opcode ID: 68a60080fb768f31ebd65d5cb418667255a1d9fa2e291803da4fd291a68f6701
                                                                                                                                                • Instruction ID: 77fa880584012e28bc63f315bc8d7d1e79ded3dccadb1c75ade54c8151365eee
                                                                                                                                                • Opcode Fuzzy Hash: 68a60080fb768f31ebd65d5cb418667255a1d9fa2e291803da4fd291a68f6701
                                                                                                                                                • Instruction Fuzzy Hash: BA119E346003058FD310DF59D880B46F7E4EF88394F10C53AE9599B389D374E8048BA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00402E4B
                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00402E6E
                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00402E7B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Virtual$Free$Query
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 778034434-0
                                                                                                                                                • Opcode ID: 46db51c03f94f0b55a5d5ed18350963a882af4d12aac357629f417569eeef35f
                                                                                                                                                • Instruction ID: e79334c6d38df843aeded41591f3acccd51a3776b8de312ccba62099ce4a3d8c
                                                                                                                                                • Opcode Fuzzy Hash: 46db51c03f94f0b55a5d5ed18350963a882af4d12aac357629f417569eeef35f
                                                                                                                                                • Instruction Fuzzy Hash: 64F08B303006109BC310DB1ACA48B17B7E1EFC4750F15817AE888973E0D374DC028796
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,00444C16), ref: 0044440C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                • Opcode ID: a277b6ede2e4e1ccaaad787190262fb7e493dece75c6f6604c5528a647473398
                                                                                                                                                • Instruction ID: 3a62e856c490924b10446b7761548bf5b5c7c55fb8365b70514fbf882d0671d3
                                                                                                                                                • Opcode Fuzzy Hash: a277b6ede2e4e1ccaaad787190262fb7e493dece75c6f6604c5528a647473398
                                                                                                                                                • Instruction Fuzzy Hash: 33F0E972B403214BE3306FD6BCC0B27B285AFC4B56F10003AAE055BB56C5689C06436C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,0040330B), ref: 00402D0E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                • Opcode ID: df224ea6630a00a52af4ea486a655afc24b4455ea9b2b2d91d9e6f7d0e8df90f
                                                                                                                                                • Instruction ID: 93498578c0424601ab996eb324d49ed78f060ddd2facf5658391812f14bd015b
                                                                                                                                                • Opcode Fuzzy Hash: df224ea6630a00a52af4ea486a655afc24b4455ea9b2b2d91d9e6f7d0e8df90f
                                                                                                                                                • Instruction Fuzzy Hash: 90F04FF1B013808BEF599F798E453057AE5A789305F10813EE909DB7DAE7748C068B14
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Non-executed Functions

                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                			E00408E18(WCHAR* __eax, int __edx) {
                                                                                                                                                				WCHAR* _v8;
                                                                                                                                                				int _v12;
                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                				void* _v20;
                                                                                                                                                				struct _WIN32_FIND_DATAW _v612;
                                                                                                                                                				short _v1134;
                                                                                                                                                				signed int _t50;
                                                                                                                                                				signed int _t51;
                                                                                                                                                				signed int _t56;
                                                                                                                                                				signed int _t57;
                                                                                                                                                				signed int _t101;
                                                                                                                                                				signed int _t102;
                                                                                                                                                				intOrPtr* _t103;
                                                                                                                                                				WCHAR* _t110;
                                                                                                                                                				struct HINSTANCE__* _t111;
                                                                                                                                                				WCHAR* _t113;
                                                                                                                                                				short* _t114;
                                                                                                                                                				void* _t115;
                                                                                                                                                
                                                                                                                                                				_v12 = __edx;
                                                                                                                                                				_v8 = __eax;
                                                                                                                                                				_v16 = _v8;
                                                                                                                                                				_t111 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                				if(_t111 == 0) {
                                                                                                                                                					L4:
                                                                                                                                                					if( *_v8 != 0x5c) {
                                                                                                                                                						_t113 =  &(_v8[2]);
                                                                                                                                                						goto L10;
                                                                                                                                                					} else {
                                                                                                                                                						if(_v8[1] == 0x5c) {
                                                                                                                                                							_t114 = E00408DF4( &(_v8[2]));
                                                                                                                                                							if( *_t114 != 0) {
                                                                                                                                                								_t14 = _t114 + 2; // 0x2
                                                                                                                                                								_t113 = E00408DF4(_t14);
                                                                                                                                                								if( *_t113 != 0) {
                                                                                                                                                									L10:
                                                                                                                                                									_t101 = _t113 - _v8;
                                                                                                                                                									_t102 = _t101 >> 1;
                                                                                                                                                									if(_t101 < 0) {
                                                                                                                                                										asm("adc ebx, 0x0");
                                                                                                                                                									}
                                                                                                                                                									lstrcpynW( &_v1134, _v8, _t102 + 1);
                                                                                                                                                									while( *_t113 != 0) {
                                                                                                                                                										_t110 = E00408DF4( &(_t113[1]));
                                                                                                                                                										_t50 = _t110 - _t113;
                                                                                                                                                										_t51 = _t50 >> 1;
                                                                                                                                                										if(_t50 < 0) {
                                                                                                                                                											asm("adc eax, 0x0");
                                                                                                                                                										}
                                                                                                                                                										if(_t51 + _t102 + 1 <= 0x105) {
                                                                                                                                                											_t56 = _t110 - _t113;
                                                                                                                                                											_t57 = _t56 >> 1;
											if(_t56 < 0) {
												asm("adc eax, 0x0");                         // compiler idiom: sign fix-up for a signed divide by two (wide-char count)
											}
											// Append the next "\component" of the input path (_t113, _t57 chars, backslash included)
											// at offset _t102 of the scratch buffer and look the resulting prefix up on disk.
											lstrcpynW( &_v1134 + _t102 + _t102, _t113, _t57 + 1);
											_v20 = FindFirstFileW( &_v1134,  &_v612);
											if(_v20 != 0xffffffff) {                     // INVALID_HANDLE_VALUE: component does not exist
												FindClose(_v20);
												// Splice in the long name only if "\" + cFileName still fits in 0x105 (MAX_PATH + 1) wide chars;
												// this bound is what keeps the stack buffer _v1134 from overflowing on long names.
												if(lstrlenW( &(_v612.cFileName)) + _t102 + 1 + 1 <= 0x105) {
													 *((short*)(_t115 + _t102 * 2 - 0x46a)) = 0x5c;            // L'\\'
													lstrcpynW( &(( &_v1134 + _t102 + _t102)[1]),  &(_v612.cFileName), 0x105 - _t102 - 1);   // overwrite the short name with cFileName
													_t102 = _t102 + lstrlenW( &(_v612.cFileName)) + 1;        // advance past "\" + long name
													_t113 = _t110;                                              // next input component
													continue;
												}
											}
										}
										goto L23;                                        // lookup failed or result too long: return without touching the caller's buffer
									}
									lstrcpynW(_v8,  &_v1134, _v12);                     // every component resolved: copy the long path back to the caller
								}
							}
						}
					}
				} else {
					// Preferred path: GetLongPathNameW is resolved at run time instead of being imported.
					_t103 = GetProcAddress(_t111, "GetLongPathNameW");
					if(_t103 == 0) {
						goto L4;                                                 // not exported: take the FindFirstFileW walk above (L4 not shown here)
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t103() == 0) {                                    // GetLongPathNameW(_v8, &_v1134, 0x105)
							goto L4;                                             // conversion failed: fall back to the manual walk
						} else {
							lstrcpynW(_v8,  &_v1134, _v12);
						}
					}
				}
				L23:
				return _v16;
			}
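The fallback loop above turns an 8.3 path into its long form one component at a time: append "\SHORT~1" to the expanded prefix, ask the file system for that entry's real name, overwrite the short name with it, and stop if any step fails or the result would exceed 0x105 characters. The following re-implementation is an added example by the editor, not code from the sample, from Joe Sandbox or from the installer framework; it replaces FindFirstFileW with a constructed lookup table (demo_fs, demo_lookup, huge_lookup are the editor's names) so it runs on any platform, uses narrow characters instead of WCHAR, and keeps the same length guard so the oversized-name case can be exercised.

```c
#include <stdio.h>
#include <string.h>

/* 0x105 (261) wide characters is the scratch-buffer limit in the decompiled
   routine (MAX_PATH + 1). The same bound is applied here. */
#define PATH_BUF 0x105

/* Stand-in for FindFirstFileW + WIN32_FIND_DATAW.cFileName: given a path whose
   last component may be an 8.3 short name, return the long name of that last
   component, or NULL if the entry does not exist (INVALID_HANDLE_VALUE case). */
typedef const char *(*lookup_fn)(const char *path);

/* Constructed directory tree for the example; not taken from the sample. */
struct entry { const char *path; const char *long_name; };
static const struct entry demo_fs[] = {
    { "C:\\PROGRA~1",                               "Program Files" },
    { "C:\\Program Files\\MESDRI~1",                "Mes Drivers"   },
    { "C:\\Program Files\\Mes Drivers\\README.TXT", "README.TXT"    },
};

static const char *demo_lookup(const char *path) {
    for (size_t i = 0; i < sizeof demo_fs / sizeof demo_fs[0]; i++)
        if (strcmp(demo_fs[i].path, path) == 0)
            return demo_fs[i].long_name;
    return NULL;
}

/* Lookup that answers every prefix with a 280-character name, to exercise the
   length guard the same way a very long directory name would. */
static const char *huge_lookup(const char *path) {
    static char name[281];
    (void)path;
    memset(name, 'A', 280);
    name[280] = '\0';
    return name;
}

/* Walk `in` one "\component" at a time, splicing each component's long name
   into a scratch buffer, as the fallback loop does. Returns 1 and copies the
   result to `out` on success; returns 0 (the original's goto L23, caller's
   buffer untouched) when a component is missing or the expansion would not
   fit in PATH_BUF characters. */
int expand_long_path(const char *in, char *out, size_t outsz, lookup_fn lookup) {
    char buf[PATH_BUF];
    const char *p = strchr(in, '\\');          /* first "\component" after the drive prefix */
    size_t pos;

    if (p == NULL || (size_t)(p - in) >= PATH_BUF)
        return 0;
    pos = (size_t)(p - in);
    memcpy(buf, in, pos);                      /* keep "C:" as-is */
    buf[pos] = '\0';

    while (*p == '\\') {
        const char *next = strchr(p + 1, '\\');
        size_t clen = next ? (size_t)(next - p) : strlen(p);   /* "\SHORT~1", backslash included */
        const char *lname;
        size_t llen;

        if (pos + clen + 1 > PATH_BUF)         /* the short component itself must fit first */
            return 0;
        memcpy(buf + pos, p, clen);            /* lstrcpynW(&buf[pos], component, len + 1) */
        buf[pos + clen] = '\0';

        lname = lookup(buf);                   /* FindFirstFileW(buf, &find_data) */
        if (lname == NULL)
            return 0;                          /* INVALID_HANDLE_VALUE */
        llen = strlen(lname);
        if (llen + pos + 1 + 1 > PATH_BUF)     /* lstrlenW(cFileName) + pos + 1 + 1 <= 0x105 */
            return 0;

        buf[pos] = '\\';                       /* *(buf + pos) = 0x5c */
        memcpy(buf + pos + 1, lname, llen + 1);/* overwrite the short name with cFileName */
        pos += llen + 1;                       /* pos += lstrlenW(cFileName) + 1 */
        p += clen;                             /* next input component */
    }

    if (strlen(buf) + 1 > outsz)
        return 0;
    memcpy(out, buf, strlen(buf) + 1);         /* lstrcpynW(caller_buf, buf, caller_size) */
    return 1;
}

/* Scenario helpers: each returns 1 when the outcome matches the decompiled routine. */
int demo_expands_short_path(void) {
    char out[PATH_BUF];
    return expand_long_path("C:\\PROGRA~1\\MESDRI~1\\README.TXT", out, sizeof out, demo_lookup) == 1
        && strcmp(out, "C:\\Program Files\\Mes Drivers\\README.TXT") == 0;
}
int demo_missing_component_fails(void) {
    char out[PATH_BUF];
    return expand_long_path("C:\\PROGRA~1\\NOPE~1", out, sizeof out, demo_lookup) == 0;
}
int demo_oversized_name_rejected(void) {
    char out[PATH_BUF];
    return expand_long_path("C:\\X", out, sizeof out, huge_lookup) == 0;
}
```

The third scenario is the one worth checking in any such routine: without the `llen + pos + 2 <= PATH_BUF` test, a long cFileName spliced into the fixed scratch buffer would overrun it, which is why the decompiled code tests the length before writing the backslash and the long name.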
Instruction addresses of the decompiled statements above, in listing order:
0x00408e24 0x00408e27 0x00408e2d 0x00408e3a 0x00408e3e 0x00408e80 0x00408e87 0x00408ec7
0x00000000 0x00408e89 0x00408e91 0x00408ea2 0x00408ea8 0x00408eae 0x00408eb6 0x00408ebc
0x00408eca 0x00408ecc 0x00408ecf 0x00408ed1 0x00408ed3 0x00408ed3 0x00408ee5 0x00408fb4
0x00408ef7 0x00408efb 0x00408efd 0x00408eff 0x00408f01 0x00408f01 0x00408f0c 0x00408f14
0x00408f16 0x00408f18 0x00408f1a 0x00408f1a 0x00408f2d 0x00408f45 0x00408f4c 0x00408f56
0x00408f72 0x00408f74 0x00408f9e 0x00408fb0 0x00408fb2 0x00000000 0x00408fb2 0x00408f72
0x00408f4c 0x00000000 0x00408f0c 0x00408fcd 0x00408fcd 0x00408ebc 0x00408ea8 0x00408e91
0x00408e40 0x00408e4b 0x00408e4f 0x00000000 0x00408e51 0x00408e51 0x00408e5c 0x00408e60
0x00408e65 0x00000000 0x00408e67 0x00408e76 0x00408e76 0x00408e65 0x00408e4f 0x00408fd2
0x00408fdb

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,?), ref: 00408E35
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 00408E46
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?), ref: 00408E76
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?,kernel32.dll,00000000,?,?), ref: 00408EE5
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,00000000,?,?), ref: 00408F2D
                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,?), ref: 00408F40
                                                                                                                                                • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,?), ref: 00408F56
                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?,?), ref: 00408F62
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,?), ref: 00408F9E
                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000), ref: 00408FAA
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 00408FCD
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                                • API String ID: 3245196872-3908791685
                                                                                                                                                • Opcode ID: 6fc662dbf38172c3357a5624cd4637a0eaa083cf6f2ddcde574d068a31360b0c
                                                                                                                                                • Instruction ID: c2c30a56847bddfd7ab489ca50c73ff6f6231bf7b6b259a2dc63f07ee1febca5
                                                                                                                                                • Opcode Fuzzy Hash: 6fc662dbf38172c3357a5624cd4637a0eaa083cf6f2ddcde574d068a31360b0c
                                                                                                                                                • Instruction Fuzzy Hash: 0F518872D006199BDB10EAA8CD85ADF73B9AF04310F1445BEE544F72C1EB78EE448B99
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 80%
			E0043D5F0(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
				WCHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				WCHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				// Register calling convention: __eax = object, __edx = module handle,
				// _t24 (ecx) = resource name, _a8 = resource type.
				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceW(__edx, _v8, _a8);
				 *(_t23 + 0x10) = _t29;                              // HRSRC cached in the object at +0x10
				if(_t29 == 0) {
					E0043D550(_t23, _t24, _t29, _t31, _t32);          // failure handler; if it returns, execution continues with a NULL handle
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x43d68c
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;                              // HGLOBAL cached at +0x14
				if(_t30 == 0) {
					E0043D550(_t23, _t24, _t30, _t31, _t32);          // same failure handler
				}
				_t7 = _t23 + 0x10; // 0x43d68c
				_push(SizeofResource(_t31,  *_t7));                  // size of the embedded resource
				_t8 = _t23 + 0x14; // 0x43cd40
				_t18 = LockResource( *_t8);                          // pointer to the resource bytes in the mapped image
				_pop(_t25);
				return E0043D29C(_t23, _t25, _t18);                  // hand (pointer, size) of the resource to the object
			}
Instruction addresses of the decompiled statements above, in listing order:
0x0043d5f7 0x0043d5fa 0x0043d5fc 0x0043d60c 0x0043d60e 0x0043d613 0x0043d616 0x0043d61b
0x0043d61b 0x0043d61c 0x0043d626 0x0043d628 0x0043d62d 0x0043d630 0x0043d635 0x0043d636
0x0043d640 0x0043d641 0x0043d645 0x0043d64e 0x0043d659

                                                                                                                                                APIs
                                                                                                                                                • FindResourceW.KERNEL32(00400000,?,?,00433D98,00400000,00000001,00000000,?,0043D532,00000000,?,?,?,00000001,?,004567F2), ref: 0043D607
                                                                                                                                                • LoadResource.KERNEL32(00400000,0043D68C,00400000,?,?,00433D98,00400000,00000001,00000000,?,0043D532,00000000,?,?,?,00000001), ref: 0043D621
                                                                                                                                                • SizeofResource.KERNEL32(00400000,0043D68C,00400000,0043D68C,00400000,?,?,00433D98,00400000,00000001,00000000,?,0043D532,00000000,?), ref: 0043D63B
                                                                                                                                                • LockResource.KERNEL32(0043CD40,00000000,00400000,0043D68C,00400000,0043D68C,00400000,?,?,00433D98,00400000,00000001,00000000,?,0043D532,00000000), ref: 0043D645
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3473537107-0
                                                                                                                                                • Opcode ID: 21bff3148a18287d3aedc3b092e0fefbb2716f759b33f6cfee4408a0480238ba
                                                                                                                                                • Instruction ID: 5c6506a372c44ba7d4ae1c09265ccc7c3082bd2654578311fad079b234c7f6c5
                                                                                                                                                • Opcode Fuzzy Hash: 21bff3148a18287d3aedc3b092e0fefbb2716f759b33f6cfee4408a0480238ba
                                                                                                                                                • Instruction Fuzzy Hash: AFF04BB3A002046F8745EE5DA881D5B77ECAE9C264B10006BF918D7246DA38DD2187B9
                                                                                                                                                 Uniqueness
                                                                                                                                                 • Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                			E004089BC(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                				short _v182;
                                                                                                                                                				short _v352;
                                                                                                                                                				char _v356;
                                                                                                                                                				char _v360;
                                                                                                                                                				char _v364;
                                                                                                                                                				int _t58;
                                                                                                                                                				signed int _t61;
                                                                                                                                                				intOrPtr _t70;
                                                                                                                                                				signed short _t80;
                                                                                                                                                				void* _t83;
                                                                                                                                                				void* _t85;
                                                                                                                                                				void* _t86;
                                                                                                                                                
                                                                                                                                                				_t77 = __edi;
                                                                                                                                                				_push(__edi);
                                                                                                                                                				_v356 = 0;
                                                                                                                                                				_v360 = 0;
                                                                                                                                                				_v364 = 0;
                                                                                                                                                				_v8 = __edx;
                                                                                                                                                				_t80 = __eax;
                                                                                                                                                				_push(_t83);
                                                                                                                                                				_push(0x408b21);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t83 + 0xfffffe98;
                                                                                                                                                				E00406658(_v8);
                                                                                                                                                				_t85 = _t80 -  *0x4579f8; // 0x404
                                                                                                                                                				if(_t85 >= 0) {
                                                                                                                                                					_t86 = _t80 -  *0x457bf8; // 0x7c68
                                                                                                                                                					if(_t86 <= 0) {
                                                                                                                                                						_t77 = 0x40;
                                                                                                                                                						_v12 = 0;
                                                                                                                                                						if(0x40 >= _v12) {
                                                                                                                                                							do {
                                                                                                                                                								_t61 = _t77 + _v12 >> 1;
                                                                                                                                                								if(_t80 >=  *((intOrPtr*)(0x4579f8 + _t61 * 8))) {
                                                                                                                                                									__eflags = _t80 -  *((intOrPtr*)(0x4579f8 + _t61 * 8));
                                                                                                                                                									if(__eflags <= 0) {
                                                                                                                                                										E004088CC( *((intOrPtr*)(0x4579fc + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
                                                                                                                                                									} else {
                                                                                                                                                										_v12 = _t61 + 1;
                                                                                                                                                										goto L8;
                                                                                                                                                									}
                                                                                                                                                								} else {
                                                                                                                                                									_t77 = _t61 - 1;
                                                                                                                                                									goto L8;
                                                                                                                                                								}
                                                                                                                                                								goto L9;
                                                                                                                                                								L8:
                                                                                                                                                							} while (_t77 >= _v12);
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L9:
                                                                                                                                                				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
                                                                                                                                                					_t58 = _t80 & 0x0000ffff;
                                                                                                                                                					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
                                                                                                                                                					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
                                                                                                                                                					E0040734C( &_v356, 0x55,  &_v182);
                                                                                                                                                					_push(_v356);
                                                                                                                                                					_push(0x408b3c);
                                                                                                                                                					E0040734C( &_v360, 0x55,  &_v352);
                                                                                                                                                					_push(_v360);
                                                                                                                                                					_push(E00408B4C);
                                                                                                                                                					E0040734C( &_v364, 0x55,  &_v182);
                                                                                                                                                					_push(_v364);
                                                                                                                                                					E00407584(_v8, _t58, 5, _t77, _t80);
                                                                                                                                                				}
                                                                                                                                                				_pop(_t70);
                                                                                                                                                				 *[fs:eax] = _t70;
                                                                                                                                                				_push(E00408B28);
                                                                                                                                                				return E004066B8( &_v364, 3);
                                                                                                                                                			}

                                                                                                                                                 Instruction addresses (listing column for the function above): 0x004089bc, 0x004089c7, 0x004089ca, 0x004089d0, 0x004089d6, 0x004089dc, 0x004089df, 0x004089e3, 0x004089e4, 0x004089e9, 0x004089ec, 0x004089f2, 0x004089f7, 0x004089fe, 0x00408a00, 0x00408a07, 0x00408a09, 0x00408a10, 0x00408a16, 0x00408a18, 0x00408a1d, 0x00408a27, 0x00408a2e, 0x00408a36, 0x00408a48, 0x00408a38, 0x00408a39, 0x00000000, 0x00408a39, 0x00408a29, 0x00408a2b, 0x00000000, 0x00408a2b, 0x00000000, 0x00408a4f, 0x00408a4f, 0x00408a18, 0x00408a16, 0x00408a07, 0x00408a54, 0x00408a5a, 0x00408a7e, 0x00408a82, 0x00408a93, 0x00408aa9, 0x00408aae, 0x00408ab4, 0x00408aca, 0x00408acf, 0x00408ad5, 0x00408aeb, 0x00408af0, 0x00408afe, 0x00408afe, 0x00408b05, 0x00408b08, 0x00408b0b, 0x00408b20

                                                                                                                                                APIs
                                                                                                                                                • IsValidLocale.KERNEL32(?,00000002,00000000,00408B21,?,00000000,?,00000000), ref: 00408A66
                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,00408B21,?,00000000,?,00000000), ref: 00408A82
                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,00408B21,?,00000000,?,00000000), ref: 00408A93
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Locale$Info$Valid
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1826331170-0
                                                                                                                                                • Opcode ID: 22d8cb12e7d1f52442a32d621a72acb218c697269971090c3e0ead149c1e2666
                                                                                                                                                • Instruction ID: 31816f5ccf34b3f7f43ecd365d394b29b5cc4e2708a66eaf846b7fd251117c9b
                                                                                                                                                • Opcode Fuzzy Hash: 22d8cb12e7d1f52442a32d621a72acb218c697269971090c3e0ead149c1e2666
                                                                                                                                                • Instruction Fuzzy Hash: 4831C471A046089BDF21EB54DD81BDF77B9EB48701F1105BFA548732D1DA386E84CE19
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00451718(void* __edx, void* __fp0) {
                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                				intOrPtr _t16;
                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                				intOrPtr _t20;
                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                				void* _t41;
                                                                                                                                                
                                                                                                                                                				E0045165C();
                                                                                                                                                				 *0x45e0e4 = E00404484(0x2000);
                                                                                                                                                				 *0x45e0ec = E00404484(0x7f6);
                                                                                                                                                				 *0x45e0f0 = E00404484(0x7f6);
                                                                                                                                                				 *0x45e308 = E00404484(0x2000);
                                                                                                                                                				 *0x45e30c = E00404484(0x1fe);
                                                                                                                                                				_t12 =  *0x45e0e4; // 0x0
                                                                                                                                                				E004049AC(_t12, 0x2000);
                                                                                                                                                				_t14 =  *0x45e0ec; // 0x0
                                                                                                                                                				E004049AC(_t14, 0x7f6);
                                                                                                                                                				_t16 =  *0x45e0f0; // 0x0
                                                                                                                                                				E004049AC(_t16, 0x7f6);
                                                                                                                                                				_t18 =  *0x45e308; // 0x0
                                                                                                                                                				E004049AC(_t18, 0x2000);
                                                                                                                                                				_t20 =  *0x45e30c; // 0x0
                                                                                                                                                				E004049AC(_t20, 0x1fe);
                                                                                                                                                				 *0x45efe4 = 0;
                                                                                                                                                				 *0x45e0d8 = 0;
                                                                                                                                                				 *0x45e0da = 0;
                                                                                                                                                				 *0x45e0dc = 0;
                                                                                                                                                				 *0x45e0de = 0;
                                                                                                                                                				 *0x45e0e0 = 0;
                                                                                                                                                				 *0x45e0e8 = 0;
                                                                                                                                                				E004049AC(0x45e0f4, 0x200);
                                                                                                                                                				E004049AC(0x45e2f4, 0x13);
                                                                                                                                                				 *0x45e310 = 0;
                                                                                                                                                				 *0x45e314 = E00404484(0x3fe);
                                                                                                                                                				_t28 =  *0x45e314; // 0x0
                                                                                                                                                				E004049AC(_t28, 0x3fe);
                                                                                                                                                				E004049AC(0x45e318, 0x22);
                                                                                                                                                				 *0x45e33a = 0;
                                                                                                                                                				E004049AC(0x45e33c, 0x7f6);
                                                                                                                                                				E004049AC(0x45eb32, 0x36);
                                                                                                                                                				E004049AC(0x45eb68, 0x4a);
                                                                                                                                                				E004049AC(0x45ebb2, 0x3fc);
                                                                                                                                                				_t41 = E004049AC(0x45efae, 0x26);
                                                                                                                                                				 *0x45efd4 = 0;
                                                                                                                                                				 *0x45efd6 = 0;
                                                                                                                                                				 *0x45efd8 = 0;
                                                                                                                                                				 *0x45efda = 0;
                                                                                                                                                				 *0x45efdc = 0;
                                                                                                                                                				 *0x45efde = 0;
                                                                                                                                                				 *0x45efe0 = 0;
                                                                                                                                                				 *0x45efe2 = 0;
                                                                                                                                                				return _t41;
                                                                                                                                                			}


                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 2E$<E$hE
                                                                                                                                                • API String ID: 0-925739447
                                                                                                                                                • Opcode ID: 152aebfc650d6525299d6768cf576a3b77aa4014acd52c5b80e87ccc96b29c26
                                                                                                                                                • Instruction ID: 1a1a3f1a65cadfddee93f524ab4eabfac3b1f91d0ff0c3955709e5308388c631
                                                                                                                                                • Opcode Fuzzy Hash: 152aebfc650d6525299d6768cf576a3b77aa4014acd52c5b80e87ccc96b29c26
                                                                                                                                                • Instruction Fuzzy Hash: DC31BAA061431156E74CAB6AE45632B3291EBC830AF10903EF5069B2E3DB7DCA55879E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CreateBindCtx.OLE32(00000000,00000000), ref: 0044F461
                                                                                                                                                • MkParseDisplayNameEx.URLMON(?,00000000,?,00000000), ref: 0044F485
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: BindCreateDisplayNameParse
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3124428456-0
                                                                                                                                                • Opcode ID: 7feb372e847c9447aacf95262d0fa698a7a73ae3358fed42abc39ebb35e8538e
                                                                                                                                                • Instruction ID: 8c1ec592f10d06e07d34161727b25623b9214c2fa973a7c44177970975884378
                                                                                                                                                • Opcode Fuzzy Hash: 7feb372e847c9447aacf95262d0fa698a7a73ae3358fed42abc39ebb35e8538e
                                                                                                                                                • Instruction Fuzzy Hash: F04133B5A001099FDB00EF65D8819DE77B9FF49314B11847AF900E7362DB38ED058BA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

C-Code - Quality: 100%
	// Decompiler output (Joe Sandbox). The function returns non-zero when the path
	// exists and is not a directory: FindFirstFileW returns INVALID_HANDLE_VALUE
	// (0xffffffff) when the path is absent, and attribute 0x10 is FILE_ATTRIBUTE_DIRECTORY.
	E004197A4(void* __eax) {
		struct _WIN32_FIND_DATAW _v596;
		void* _t11;

		// E004072B8 yields the lpFileName argument for the path passed in __eax
		_t11 = FindFirstFileW(E004072B8(__eax),  &_v596);
		if(_t11 == 0xffffffff) {
			return 0;
		}
		// Low byte holds the comparison result (directory bit clear); the
		// '& 0xffffff00' is the decompiler keeping the upper bytes of the
		// FindClose return value around that byte-sized result.
		return FindClose(_t11) & 0xffffff00 | (_v596.dwFileAttributes & 0x00000010) == 0x00000000;
	}

APIs
• FindFirstFileW.KERNEL32(00000000,?,00000000,?,0041986B,00000000,?,?,00000001,00456B77,?,?,?,?,?,00000005), ref: 004197BF
• FindClose.KERNEL32(00000000,00000000,?,00000000,?,0041986B,00000000,?,?,00000001,00456B77,?), ref: 004197CA
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 53e43887202254b3bf8cb9bd86dd50929c27cfafd8bbb6f4203e87b3af68803a
• Instruction ID: 959c51b3cb224053326e4c2c471bdd2b26c4cd2e226f9682ffbba4c953fc5917
• Opcode Fuzzy Hash: 53e43887202254b3bf8cb9bd86dd50929c27cfafd8bbb6f4203e87b3af68803a
• Instruction Fuzzy Hash: 54E0CD3151430C12C71065B90CC969B73DC1F04325F040BBB7C2CE39D2E63CDA9000AE
Uniqueness

Uniqueness Score: -1.00%

Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 917cd42067991ceb7ce0fe5197c38df47a8433928eda23641d915da347d54371
• Instruction ID: f53cef29b3aa282c71d659f99581e5043bd25f9f26fffa6d725693162d2b965a
• Opcode Fuzzy Hash: 917cd42067991ceb7ce0fe5197c38df47a8433928eda23641d915da347d54371
• Instruction Fuzzy Hash: 1A33868AA4E7C10FE303477099656906F719F6726AF2F45EB80D9CF1E3E55C894AC322
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 00419D15
Yara matches
Similarity
• API ID: DiskFreeSpace
• String ID:
• API String ID: 1705453755-0
• Opcode ID: a69c900bfaa10d319b25d7fecb6ce37beb017d01010d022262c651b2690b1e48
• Instruction ID: e30747e21c124f3c142110857c1895219b73afd6567c45531432e4abb2213a1a
• Opcode Fuzzy Hash: a69c900bfaa10d319b25d7fecb6ce37beb017d01010d022262c651b2690b1e48
• Instruction Fuzzy Hash: 791100B5E00209AFDB00CF99C881DAFB7F9EFC8304B14C569A404E7250E6319E418B90
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041D5F6
Yara matches
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
• Opcode ID: 9ef8582702aae24bf13ebae2876fb876fe12c1a796aaa81127c0adba4e8c8569
• Instruction ID: fd2140c7687814ae6b0221584b385d61656bdf661b8b30dbf6f9ace9821c5ade
• Opcode Fuzzy Hash: 9ef8582702aae24bf13ebae2876fb876fe12c1a796aaa81127c0adba4e8c8569
• Instruction Fuzzy Hash: CBE0D872B0031817D310A5598C86AFBB25C978C300F40427FBD09D7383EEB89D6547E9
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetVersionExW.KERNEL32(?,0045633A,00000000,00456365), ref: 0041F046
Yara matches
Similarity
• API ID: Version
• String ID:
• API String ID: 1889659487-0
• Opcode ID: a446ad9ae7d2fe1b57c3ac30641f15db2d576487ccf306fa7b1a676f181d4b1b
• Instruction ID: f86d1593c8c6e4621ec5c9e600b7dc7e122a183f3d3b6ca447a9c75ee01ed4e2
• Opcode Fuzzy Hash: a446ad9ae7d2fe1b57c3ac30641f15db2d576487ccf306fa7b1a676f181d4b1b
• Instruction Fuzzy Hash: 5DF01D789083019FC344DF18E8426557BE5FB48302F40887EE884C73A2E379DC488F5A
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnumSystemLocalesW.KERNEL32(00420360,00000002,?,?,00420635,0041DA85,?,00000000,0041DAC6,?,?,?,00000000,00000000), ref: 00420569
Yara matches
Similarity
• API ID: EnumLocalesSystem
• String ID:
• API String ID: 2099609381-0
• Opcode ID: 3b6fe942ed2a50db71fef99ae923f1066459b3562a9b8e81c4df99462c997cc2
• Instruction ID: 1042387f0491a04feb4764da1a7d4e86217ffd090032093bff069d6c25d1c88c
• Opcode Fuzzy Hash: 3b6fe942ed2a50db71fef99ae923f1066459b3562a9b8e81c4df99462c997cc2
• Instruction Fuzzy Hash: 10E0DF52700A2097C220F7AA1883B9A76819F44BA4F088137BD08AB3C3D93E0C5006EE
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041D70C,?,00000001,00000000,0041D91B), ref: 0041D637
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                • Opcode ID: 1977669524f6f83aa256ded4ba7b5450e58b0d4d915b8112ae6e0bce1eabc79c
                                                                                                                                                • Instruction ID: 10cf7c9bab5d796c398816fe4608beb8514a77b696b4b27a4cb81f12bf1d6eed
                                                                                                                                                • Opcode Fuzzy Hash: 1977669524f6f83aa256ded4ba7b5450e58b0d4d915b8112ae6e0bce1eabc79c
                                                                                                                                                • Instruction Fuzzy Hash: A2D05EE63092206AE210915BAD85DBB56DCCBC5761F14443BBA4CC6242E228CC46D376
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000400,00000000,00420420,?,00000000,00420503,?,?,?,00000000,00000000,?,00420376), ref: 00420397
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                • Opcode ID: 5789e8b2d34f9f8cc052b0ee65c417b388c9476a9a84c8fff50f75aa152dcbdb
                                                                                                                                                • Instruction ID: cc37a42323eb48dfaaf225ad5dec4c030b410a541396a3624dbd941186b5d962
                                                                                                                                                • Opcode Fuzzy Hash: 5789e8b2d34f9f8cc052b0ee65c417b388c9476a9a84c8fff50f75aa152dcbdb
                                                                                                                                                • Instruction Fuzzy Hash: 79D0A7E1F2420013F60462959C42B2631889F84704F10403C7B84973C0EE7C781992BF
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LocalTime
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 481472006-0
                                                                                                                                                • Opcode ID: 10ee40279e76053cc7b342670719d24015b48e5c33f121a09ee5c115de8b3f36
                                                                                                                                                • Instruction ID: 0faca3ef6f0ece7c1252b17d6fe5b453a7d1bc479e6f60a4f22e90b814ab1887
                                                                                                                                                • Opcode Fuzzy Hash: 10ee40279e76053cc7b342670719d24015b48e5c33f121a09ee5c115de8b3f36
                                                                                                                                                • Instruction Fuzzy Hash: 61A0120080482001C54073190C0313431405800720FC84B5578F8502D1F92D01318097
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
                                                                                                                                                • Instruction ID: 06eb546eeaeab13a44efd80395d03707096c3a97053ba3a813aaad898d98d5b1
                                                                                                                                                • Opcode Fuzzy Hash: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
                                                                                                                                                • Instruction Fuzzy Hash: F201C432B053110B870CDD3ECD9852ABAC3ABD8910F09C63E9589D76C8DD318C1AC286
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ae0e43f82692c6785844f3e70bb209c8b319b1924ab6e756aa91dc1deac9637f
                                                                                                                                                • Instruction ID: 0d0a1de50f84049ba1db36b0cc2a5815bbe2a70d1702ee3e31d84e551ae84beb
                                                                                                                                                • Opcode Fuzzy Hash: ae0e43f82692c6785844f3e70bb209c8b319b1924ab6e756aa91dc1deac9637f
                                                                                                                                                • Instruction Fuzzy Hash: 8DD012EE23A10656F776C06D68A0B631547E7C0315F26CC3BE502E6FC0D17ECCA0A118
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                 C-Code - Quality: 100%
                                                                                                                                                 			/* Decompiled by the sandbox: resolves the oleaut32.dll Variant* exports by name
                                                                                                                                                 			   through the helper E00421F74 (name, fallback routine, module) and stores each
                                                                                                                                                 			   resulting pointer in a global table starting at 0x45df00. */
                                                                                                                                                 			E00421FA0() {
                                                                                                                                                 				struct HINSTANCE__* _v8;
                                                                                                                                                 				intOrPtr _t46;
                                                                                                                                                 				void* _t91;
                                                                                                                                                 
                                                                                                                                                 				_v8 = GetModuleHandleW(L"oleaut32.dll");
                                                                                                                                                 				/* one table slot per export; the second argument is the internal fallback routine */
                                                                                                                                                 				 *0x45df00 = E00421F74("VariantChangeTypeEx", E00421AB8, _t91);
                                                                                                                                                 				 *0x45df04 = E00421F74("VarNeg", E00421B00, _t91);
                                                                                                                                                 				 *0x45df08 = E00421F74("VarNot", E00421B00, _t91);
                                                                                                                                                 				 *0x45df0c = E00421F74("VarAdd", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df10 = E00421F74("VarSub", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df14 = E00421F74("VarMul", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df18 = E00421F74("VarDiv", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df1c = E00421F74("VarIdiv", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df20 = E00421F74("VarMod", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df24 = E00421F74("VarAnd", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df28 = E00421F74("VarOr", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df2c = E00421F74("VarXor", E00421B0C, _t91);
                                                                                                                                                 				 *0x45df30 = E00421F74("VarCmp", E00421B18, _t91);
                                                                                                                                                 				 *0x45df34 = E00421F74("VarI4FromStr", E00421B24, _t91);
                                                                                                                                                 				 *0x45df38 = E00421F74("VarR4FromStr", E00421B90, _t91);
                                                                                                                                                 				 *0x45df3c = E00421F74("VarR8FromStr", E00421C00, _t91);
                                                                                                                                                 				 *0x45df40 = E00421F74("VarDateFromStr", E00421C70, _t91);
                                                                                                                                                 				 *0x45df44 = E00421F74("VarCyFromStr", E00421CE0, _t91);
                                                                                                                                                 				 *0x45df48 = E00421F74("VarBoolFromStr", E00421D50, _t91);
                                                                                                                                                 				 *0x45df4c = E00421F74("VarBstrFromCy", E00421DD0, _t91);
                                                                                                                                                 				 *0x45df50 = E00421F74("VarBstrFromDate", E00421E58, _t91);
                                                                                                                                                 				_t46 = E00421F74("VarBstrFromBool", E00421EE0, _t91);
                                                                                                                                                 				 *0x45df54 = _t46;
                                                                                                                                                 				/* the last resolved pointer is also the function's return value */
                                                                                                                                                 				return _t46;
                                                                                                                                                 			}

                                                                                                                                                0x00421fae
                                                                                                                                                0x00421fc2
                                                                                                                                                0x00421fd8
                                                                                                                                                0x00421fee
                                                                                                                                                0x00422004
                                                                                                                                                0x0042201a
                                                                                                                                                0x00422030
                                                                                                                                                0x00422046
                                                                                                                                                0x0042205c
                                                                                                                                                0x00422072
                                                                                                                                                0x00422088
                                                                                                                                                0x0042209e
                                                                                                                                                0x004220b4
                                                                                                                                                0x004220ca
                                                                                                                                                0x004220e0
                                                                                                                                                0x004220f6
                                                                                                                                                0x0042210c
                                                                                                                                                0x00422122
                                                                                                                                                0x00422138
                                                                                                                                                0x0042214e
                                                                                                                                                0x00422164
                                                                                                                                                0x0042217a
                                                                                                                                                0x0042218a
                                                                                                                                                0x00422190
                                                                                                                                                0x00422197

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00421FA9
                                                                                                                                                  • Part of subcall function 00421F74: GetProcAddress.KERNEL32(00000000), ref: 00421F8D
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                • API String ID: 1646373207-1918263038
                                                                                                                                                • Opcode ID: 9f368a8b1535f46e80897168a8ee1d046f32eb549a4dc20980ad3daa11e2e0f9
                                                                                                                                                • Instruction ID: 40e5a962484a58f9322c094e994643a36cc7ffb4c4ca6f455a0de5ddf045b3d9
                                                                                                                                                • Opcode Fuzzy Hash: 9f368a8b1535f46e80897168a8ee1d046f32eb549a4dc20980ad3daa11e2e0f9
                                                                                                                                                • Instruction Fuzzy Hash: DD415D22F083246B13146B6E7A0142637D8DBA43167E1C2BBF415CB276DF7CB942862E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                			E0040A194(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                				long _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				long _v16;
                                                                                                                                                				void* _v20;
                                                                                                                                                				long _v24;
                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                				struct HINSTANCE__** _v48;
                                                                                                                                                				CHAR* _v52;
                                                                                                                                                				void _v56;
                                                                                                                                                				long _v60;
                                                                                                                                                				_Unknown_base(*)()* _v64;
                                                                                                                                                				struct HINSTANCE__* _v68;
                                                                                                                                                				CHAR* _v72;
                                                                                                                                                				signed int _v76;
                                                                                                                                                				CHAR* _v80;
                                                                                                                                                				intOrPtr* _v84;
                                                                                                                                                				void* _v88;
                                                                                                                                                				void _v92;
                                                                                                                                                				signed int _t104;
                                                                                                                                                				signed int _t106;
                                                                                                                                                				signed int _t108;
                                                                                                                                                				long _t113;
                                                                                                                                                				intOrPtr* _t119;
                                                                                                                                                				void* _t124;
                                                                                                                                                				void _t126;
                                                                                                                                                				long _t128;
                                                                                                                                                				struct HINSTANCE__* _t142;
                                                                                                                                                				long _t166;
                                                                                                                                                				signed int* _t190;
                                                                                                                                                				_Unknown_base(*)()* _t191;
                                                                                                                                                				void* _t194;
                                                                                                                                                				intOrPtr _t196;
                                                                                                                                                
                                                                                                                                                				_push(_a4);
                                                                                                                                                				memcpy( &_v56, 0x457c30, 8 << 2);
                                                                                                                                                				_pop(_t194);
                                                                                                                                                				_v56 =  *0x457c30;
                                                                                                                                                				_v52 = E0040A644( *0x00457C34);
                                                                                                                                                				_v48 = E0040A654( *0x00457C38);
                                                                                                                                                				_v44 = E0040A664( *0x00457C3C);
                                                                                                                                                				_v40 = E0040A674( *0x00457C40);
                                                                                                                                                				_v36 = E0040A674( *0x00457C44);
                                                                                                                                                				_v32 = E0040A674( *0x00457C48);
                                                                                                                                                				_v28 =  *0x00457C4C;
                                                                                                                                                				memcpy( &_v92, 0x457c50, 9 << 2);
                                                                                                                                                				_t196 = _t194;
                                                                                                                                                				_v88 = 0x457c50;
                                                                                                                                                				_v84 = _a8;
                                                                                                                                                				_v80 = _v52;
                                                                                                                                                				if((_v56 & 0x00000001) == 0) {
                                                                                                                                                					_t166 =  *0x457c74; // 0x0
                                                                                                                                                					_v8 = _t166;
                                                                                                                                                					_v8 =  &_v92;
                                                                                                                                                					RaiseException(0xc06d0057, 0, 1,  &_v8);
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_t104 = _a8 - _v44;
                                                                                                                                                				_t142 =  *_v48;
                                                                                                                                                				if(_t104 < 0) {
                                                                                                                                                					_t104 = _t104 + 3;
                                                                                                                                                				}
                                                                                                                                                				_v12 = _t104 >> 2;
                                                                                                                                                				_t106 = _v12;
                                                                                                                                                				_t190 = (_t106 << 2) + _v40;
                                                                                                                                                				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                                                                                                                				_v76 = _t108;
                                                                                                                                                				if(_t108 == 0) {
                                                                                                                                                					_v72 =  *_t190 & 0x0000ffff;
                                                                                                                                                				} else {
                                                                                                                                                					_v72 = E0040A684( *_t190) + 2;
                                                                                                                                                				}
                                                                                                                                                				_t191 = 0;
                                                                                                                                                				if( *0x45bc58 == 0) {
                                                                                                                                                					L10:
                                                                                                                                                					if(_t142 != 0) {
                                                                                                                                                						L25:
                                                                                                                                                						_v68 = _t142;
                                                                                                                                                						if( *0x45bc58 != 0) {
                                                                                                                                                							_t191 =  *0x45bc58(2,  &_v92);
                                                                                                                                                						}
                                                                                                                                                						if(_t191 != 0) {
                                                                                                                                                							L36:
                                                                                                                                                							if(_t191 == 0) {
                                                                                                                                                								_v60 = GetLastError();
                                                                                                                                                								if( *0x45bc5c != 0) {
                                                                                                                                                									_t191 =  *0x45bc5c(4,  &_v92);
                                                                                                                                                								}
                                                                                                                                                								if(_t191 == 0) {
                                                                                                                                                									_t113 =  *0x457c7c; // 0x0
                                                                                                                                                									_v24 = _t113;
                                                                                                                                                									_v24 =  &_v92;
                                                                                                                                                									RaiseException(0xc06d007f, 0, 1,  &_v24);
                                                                                                                                                									_t191 = _v64;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							goto L41;
                                                                                                                                                						} else {
                                                                                                                                                							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
                                                                                                                                                								L35:
                                                                                                                                                								_t191 = GetProcAddress(_t142, _v72);
                                                                                                                                                								goto L36;
                                                                                                                                                							} else {
                                                                                                                                                								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x45bc58 != 0) {
						_t142 =  *0x45bc58(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040A03C(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x457c2c; // 0x0
									 *_v20 = _t126;
									 *0x457c2c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x45bc5c != 0) {
							_t142 =  *0x45bc5c(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x457c78; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x45bc58(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x45bc58 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x45bc58(5,  &_v92);
						}
						return _t191;
					}
				}
			}


APIs
• RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040A24C
Strings
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID: 0|E$P|E
• API String ID: 3997070919-523040147
• Opcode ID: 5954d4bcf07b1a336b95c84aead8cf2607c592cb666f8b93fa4553561189e641
• Instruction ID: c93129aa7cf0baa7b76bd6b573931db69f35b4f2a5d5d66544aeadbdaaabdbf8
• Opcode Fuzzy Hash: 5954d4bcf07b1a336b95c84aead8cf2607c592cb666f8b93fa4553561189e641
• Instruction Fuzzy Hash: 5DA16A75A003099BDB11DFA8D884BAEB7B5EB48310F14813EE905B73C1DB78A954CB5A
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 71%
E00408CD4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
    char _v8;
    void* _t17;
    signed short _t27;
    intOrPtr _t32;
    intOrPtr* _t41;
    intOrPtr _t44;

    _t39 = __edi;
    _push(0);
    _push(__ebx);
    _push(__esi);
    _t41 = __edx;
    _t27 = __eax;
    _push(_t44);
    _push(0x408dd7);
    _push( *[fs:eax]);
     *[fs:eax] = _t44;
    EnterCriticalSection(0x45bb88);
    if(_t27 !=  *0x45bba0) {
        LeaveCriticalSection(0x45bb88);
        E00406658(_t41);
        if(IsValidLocale(_t27 & 0x0000ffff, 2) != 0) {
            if( *0x45bb84 == 0) {
                _t17 = E004089BC(_t27, _t27, _t41, __edi, _t41);
                L0040283C();
                if(_t27 != _t17) {
                    if( *_t41 != 0) {
                        _t17 = E004074A4(_t41, E00408DF0);
                    }
                    L0040283C();
                    E004089BC(_t17, _t27,  &_v8, _t39, _t41);
                    E004074A4(_t41, _v8);
                }
            } else {
                E00408BB8(_t27, _t41);
            }
        }
        EnterCriticalSection(0x45bb88);
         *0x45bba0 = _t27;
        lstrcpynW("en-US,en,", E004072B8( *_t41), 0xaa);
        LeaveCriticalSection(0x45bb88);
    } else {
        E0040734C(_t41, 0x55, 0x45bba2);
        LeaveCriticalSection(0x45bb88);
    }
    _pop(_t32);
     *[fs:eax] = _t32;
    _push(E00408DDE);
    return E00406658( &_v8);
}

Addresses: 0x00408cd4, 0x00408cd7, 0x00408cd9, 0x00408cda, 0x00408cdb, 0x00408cdd, 0x00408ce1, 0x00408ce2, 0x00408ce7, 0x00408cea, 0x00408cf2, 0x00408cfe, 0x00408d25, 0x00408d2c, 0x00408d3e, 0x00408d47, 0x00408d58, 0x00408d5d, 0x00408d65, 0x00408d6a, 0x00408d73, 0x00408d73, 0x00408d78, 0x00408d80, 0x00408d8a, 0x00408d8a, 0x00408d49, 0x00408d4d, 0x00408d4d, 0x00408d47, 0x00408d94, 0x00408d99, 0x00408db2, 0x00408dbc, 0x00408d00, 0x00408d0c, 0x00408d16, 0x00408d16, 0x00408dc3, 0x00408dc6, 0x00408dc9, 0x00408dd6

APIs
• EnterCriticalSection.KERNEL32(0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E,00000000,004096ED,?,?,00000000,00000000,00000000), ref: 00408CF2
• LeaveCriticalSection.KERNEL32(0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E,00000000,004096ED,?,?,00000000,00000000), ref: 00408D16
• LeaveCriticalSection.KERNEL32(0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E,00000000,004096ED,?,?,00000000,00000000), ref: 00408D25
• IsValidLocale.KERNEL32(00000000,00000002,0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E,00000000,004096ED), ref: 00408D37
• EnterCriticalSection.KERNEL32(0045BB88,00000000,00000002,0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E,00000000,004096ED), ref: 00408D94
• lstrcpynW.KERNEL32(en-US,en,,00000000,000000AA,0045BB88,00000000,00000002,0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000,?,0040968E), ref: 00408DB2
• LeaveCriticalSection.KERNEL32(0045BB88,en-US,en,,00000000,000000AA,0045BB88,00000000,00000002,0045BB88,0045BB88,00000000,00408DD7,?,?,?,00000000), ref: 00408DBC
Strings
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: CriticalSection$Leave$Enter$LocaleValidlstrcpyn
• String ID: en-US,en,
• API String ID: 1058953229-3579323720
• Opcode ID: c90a6f4bf5471e2db4ad462926f1109f64fb3b94faa9531e5b3c785343bc0c4a
• Instruction ID: 4bb9a4b5a2d9a9df3f6fa1c1ca5a960aafda3b99239787928e5e36d2f6294bf0
• Opcode Fuzzy Hash: c90a6f4bf5471e2db4ad462926f1109f64fb3b94faa9531e5b3c785343bc0c4a
• Instruction Fuzzy Hash: 3521A124B403546BD61077AA8E1763A3258DF90719F60413FB880B36C7CFFCAC0482AE
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 98%
E00403DFC(void* __eax, void* __fp0) {
    void* _v8;
    char _v110600;
    char _v112644;
    char _v112645;
    signed int _v112652;
    char _v112653;
    char _v112654;
    char _v112660;
    intOrPtr _v112664;
    intOrPtr _v112668;
    intOrPtr _v112672;
    signed short* _v112676;
    void* _v112680;
    char _v129064;
    char _v131113;
    char _v161832;
    void* _t74;
    int _t80;
    intOrPtr _t83;
    intOrPtr _t94;
    CHAR* _t98;
    intOrPtr _t100;
    void* _t112;
    intOrPtr _t113;
    intOrPtr _t119;
    intOrPtr _t124;
    void* _t134;
    intOrPtr _t135;
    intOrPtr _t139;
    signed int _t149;
    int _t154;
    intOrPtr _t155;
    char* _t157;
    char* _t158;
    char* _t159;
    char* _t160;
    char* _t161;
    char* _t162;
    char* _t164;
    char* _t165;
    char* _t170;
    char* _t171;
    intOrPtr _t203;
    void* _t205;
                                                                                                                                                				void* _t206;
                                                                                                                                                				intOrPtr* _t209;
                                                                                                                                                				void* _t211;
                                                                                                                                                				void* _t212;
                                                                                                                                                				signed int _t217;
                                                                                                                                                				void* _t220;
                                                                                                                                                				void* _t221;
                                                                                                                                                				void* _t234;
                                                                                                                                                
                                                                                                                                                				_push(__eax);
                                                                                                                                                				_t74 = 0x27;
                                                                                                                                                				goto L1;
                                                                                                                                                				L12:
                                                                                                                                                				while(_t203 != 0x459a58) {
                                                                                                                                                					_t80 = E004038FC(_t203);
                                                                                                                                                					_t154 = _t80;
                                                                                                                                                					__eflags = _t154;
                                                                                                                                                					if(_t154 == 0) {
                                                                                                                                                						L11:
                                                                                                                                                						_t20 = _t203 + 4; // 0x459a58
                                                                                                                                                						_t203 =  *_t20;
                                                                                                                                                						continue;
                                                                                                                                                					} else {
                                                                                                                                                						goto L4;
                                                                                                                                                					}
                                                                                                                                                					do {
                                                                                                                                                						L4:
                                                                                                                                                						_t217 =  *(_t154 - 4);
                                                                                                                                                						__eflags = _t217 & 0x00000001;
                                                                                                                                                						if((_t217 & 0x00000001) == 0) {
                                                                                                                                                							__eflags = _t217 & 0x00000004;
                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                								__eflags = _v112652 - 0x1000;
                                                                                                                                                								if(_v112652 < 0x1000) {
                                                                                                                                                									_v112664 = (_t217 & 0xfffffff0) - 4;
                                                                                                                                                									_t149 = E00403BE8(_t154);
                                                                                                                                                									__eflags = _t149;
                                                                                                                                                									if(_t149 == 0) {
                                                                                                                                                										_v112645 = 0;
                                                                                                                                                										 *((intOrPtr*)(_t220 + _v112652 * 4 - 0x1f824)) = _v112664;
                                                                                                                                                										_t18 =  &_v112652;
                                                                                                                                                										 *_t18 = _v112652 + 1;
                                                                                                                                                										__eflags =  *_t18;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								E00403C40(_t154, __eflags, _t220);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_t80 = E004038D8(_t154);
                                                                                                                                                						_t154 = _t80;
                                                                                                                                                						__eflags = _t154;
                                                                                                                                                					} while (_t154 != 0);
                                                                                                                                                					goto L11;
                                                                                                                                                				}
                                                                                                                                                				_t155 =  *0x45bb00; // 0x45bafc
                                                                                                                                                				while(_t155 != 0x45bafc && _v112652 < 0x1000) {
                                                                                                                                                					_t80 = E00403BE8(_t155 + 0x10);
                                                                                                                                                					__eflags = _t80;
                                                                                                                                                					if(_t80 == 0) {
                                                                                                                                                						_v112645 = 0;
                                                                                                                                                						_t22 = _t155 + 0xc; // 0x0
                                                                                                                                                						_t80 = _v112652;
                                                                                                                                                						 *((intOrPtr*)(_t220 + _t80 * 4 - 0x1f824)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
                                                                                                                                                						_t27 =  &_v112652;
                                                                                                                                                						 *_t27 = _v112652 + 1;
                                                                                                                                                						__eflags =  *_t27;
                                                                                                                                                					}
                                                                                                                                                					_t29 = _t155 + 4; // 0x45bafc
                                                                                                                                                					_t155 =  *_t29;
                                                                                                                                                				}
                                                                                                                                                				if(_v112645 != 0) {
                                                                                                                                                					L54:
                                                                                                                                                					return _t80;
                                                                                                                                                				}
                                                                                                                                                				_v112653 = 0;
                                                                                                                                                				_v112668 = 0;
                                                                                                                                                				_t83 =  *0x45704c; // 0x402980
                                                                                                                                                				_t157 = E004039C8(E00406B68(_t83),  &_v161832);
                                                                                                                                                				_v112660 = 0x37;
                                                                                                                                                				_v112676 = 0x457072;
                                                                                                                                                				_v112680 =  &_v110600;
                                                                                                                                                				do {
                                                                                                                                                					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
                                                                                                                                                					_v112654 = 0;
                                                                                                                                                					_t205 = 0xff;
                                                                                                                                                					_t209 = _v112680;
                                                                                                                                                					while(_t157 <=  &_v131113) {
                                                                                                                                                						if( *_t209 > 0) {
                                                                                                                                                							if(_v112653 == 0) {
                                                                                                                                                								_t139 =  *0x457050; // 0x4029ac
                                                                                                                                                								_t157 = E004039C8(E00406B68(_t139), _t157);
                                                                                                                                                								_v112653 = 1;
                                                                                                                                                							}
                                                                                                                                                							if(_v112654 != 0) {
                                                                                                                                                								 *_t157 = 0x2c;
                                                                                                                                                								_t162 = _t157 + 1;
                                                                                                                                                								 *_t162 = 0x20;
                                                                                                                                                								_t163 = _t162 + 1;
                                                                                                                                                								__eflags = _t162 + 1;
                                                                                                                                                							} else {
                                                                                                                                                								 *_t157 = 0xd;
                                                                                                                                                								 *((char*)(_t157 + 1)) = 0xa;
                                                                                                                                                								_t170 = E00403978(_v112668 + 1, _t157 + 2);
                                                                                                                                                								 *_t170 = 0x20;
                                                                                                                                                								_t171 = _t170 + 1;
                                                                                                                                                								 *_t171 = 0x2d;
                                                                                                                                                								 *((char*)(_t171 + 1)) = 0x20;
                                                                                                                                                								_t134 = E00403978(_v112672, _t171 + 2);
                                                                                                                                                								_t135 =  *0x457058; // 0x402a14
                                                                                                                                                								_t163 = E004039C8(E00406B68(_t135), _t134);
                                                                                                                                                								_v112654 = 1;
                                                                                                                                                							}
                                                                                                                                                							_t112 = _t205 - 1;
                                                                                                                                                							_t234 = _t112;
                                                                                                                                                							if(_t234 < 0) {
                                                                                                                                                								_t113 =  *0x45705c; // 0x402a20
                                                                                                                                                								_t164 = E004039C8(E00406B68(_t113), _t163);
                                                                                                                                                							} else {
                                                                                                                                                								if(_t234 == 0) {
                                                                                                                                                									_t119 =  *0x457060; // 0x402a28
                                                                                                                                                									_t164 = E004039C8(E00406B68(_t119), _t163);
                                                                                                                                                								} else {
                                                                                                                                                									if(_t112 == 1) {
                                                                                                                                                										_t124 =  *0x457064; // 0x402a34
                                                                                                                                                										_t164 = E004039C8(E00406B68(_t124), _t163);
                                                                                                                                                									} else {
                                                                                                                                                										_t164 = E004039E0( *((intOrPtr*)(_t209 - 4)), _t163);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							 *_t164 = 0x20;
                                                                                                                                                							_t165 = _t164 + 1;
                                                                                                                                                							 *_t165 = 0x78;
                                                                                                                                                							 *((char*)(_t165 + 1)) = 0x20;
                                                                                                                                                							_t157 = E00403978( *_t209, _t165 + 2);
                                                                                                                                                						}
                                                                                                                                                						_t205 = _t205 - 1;
                                                                                                                                                						_t209 = _t209 - 8;
                                                                                                                                                						if(_t205 != 0xffffffff) {
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                							goto L39;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					L39:
                                                                                                                                                					if(_v112654 != 0 ||  *0x459a56 == 0 || (_v112672 + 0x00000004 & 0x0000000f) == 0) {
                                                                                                                                                						_v112668 = _v112672;
                                                                                                                                                					}
                                                                                                                                                					_v112680 = _v112680 + 0x800;
                                                                                                                                                					_v112676 =  &(_v112676[0x10]);
                                                                                                                                                					_t61 =  &_v112660;
                                                                                                                                                					 *_t61 = _v112660 - 1;
                                                                                                                                                				} while ( *_t61 != 0);
                                                                                                                                                				if(_v112652 <= 0) {
                                                                                                                                                					L53:
                                                                                                                                                					_t94 =  *0x457068; // 0x402a44
                                                                                                                                                					E004039C8(E00406B68(_t94), _t157);
                                                                                                                                                					_t98 =  *0x45706c; // 0x402a48
                                                                                                                                                					_t80 = MessageBoxA(0,  &_v161832, _t98, 0x2010);
                                                                                                                                                					goto L54;
                                                                                                                                                				}
                                                                                                                                                				if(_v112653 != 0) {
                                                                                                                                                					 *_t157 = 0xd;
					_t159 = _t157 + 1;
					 *_t159 = 0xa;
					_t160 = _t159 + 1;
					 *_t160 = 0xd;
					_t161 = _t160 + 1;
					 *_t161 = 0xa;
					_t157 = _t161 + 1;
				}
				_t100 =  *0x457054; // 0x4029d4
				_t157 = E004039C8(E00406B68(_t100), _t157);
				_t211 = _v112652 - 1;
				if(_t211 >= 0) {
					_t212 = _t211 + 1;
					_t206 = 0;
					_v112680 =  &_v129064;
					L49:
					L49:
					if(_t206 != 0) {
						 *_t157 = 0x2c;
						_t158 = _t157 + 1;
						 *_t158 = 0x20;
						_t157 = _t158 + 1;
					}
					_t157 = E00403978( *_v112680, _t157);
					if(_t157 >  &_v131113) {
						goto L53;
					}
					_t206 = _t206 + 1;
					_v112680 = _v112680 + 4;
					_t212 = _t212 - 1;
					if(_t212 != 0) {
						goto L49;
					}
				}
				L1:
				_t221 = _t221 + 0xfffff004;
				_push(_t74);
				_t74 = _t74 - 1;
				if(_t74 != 0) {
					goto L1;
				} else {
					E004049AC( &_v112644, 0x1b800);
					E004049AC( &_v129064, 0x4000);
					_t80 = 0;
					_v112652 = 0;
					_v112645 = 1;
					_t203 =  *0x459a5c; // 0x459a58
					goto L12;
				}
			}
                                                                                                                                                0x004041b7
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004041b9
                                                                                                                                                0x004041ba
                                                                                                                                                0x004041c1
                                                                                                                                                0x004041c2
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004041c2
                                                                                                                                                0x00403e05
                                                                                                                                                0x00403e05
                                                                                                                                                0x00403e0b
                                                                                                                                                0x00403e0c
                                                                                                                                                0x00403e0d
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e0f
                                                                                                                                                0x00403e28
                                                                                                                                                0x00403e3a
                                                                                                                                                0x00403e3f
                                                                                                                                                0x00403e41
                                                                                                                                                0x00403e47
                                                                                                                                                0x00403e4e
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e4e

APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Message
• String ID: $ *@$(*@$4*@$7$D*@$H*@$rpE
• API String ID: 2030045667-3765007398
• Opcode ID: c1b89ad8b1cb0265aed2f80cef4b13710795bec722ea45bc6ca04962a9cec31f
• Instruction ID: 0678694b72a95103bfda41ccff67a1229dbd03a6b63b6794ed8c28a7fd55e14e
• Opcode Fuzzy Hash: c1b89ad8b1cb0265aed2f80cef4b13710795bec722ea45bc6ca04962a9cec31f
• Instruction Fuzzy Hash: 33B1B370A042548BDB20AB2DDC84B997BF8AB49705F0441F6E549FB3C2CB789E85CB59
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
// Editor's note (identification added for this page, not part of the Joe Sandbox output):
// the pattern below, IsValidLocale(LCID, LCID_INSTALLED) with a GetThreadLocale fallback,
// a run of locale queries for the Win32 identifiers 0x14, 0x1b, 0x1c, 0xf, 0xe, 0x19,
// 0x1d, 0x1f, 0x20, 0x1e, 0x28, 0x29, 0x25, 0x23, 0x1005 and 0xc, the hard-coded
// "m/d/yy", "mmmm d, yyyy", ":mm", ":mm:ss", "AMPM " and " AMPM" fragments, and the
// closing store of 0x32 (= 50), is the Delphi RTL routine SysUtils.GetLocaleFormatSettings
// filling a TFormatSettings record (the field offsets used through _t146 match that
// record's layout exactly). It is library code linked into the sample, not sample-specific
// logic, and can be skipped in triage. LOCALE_* names below are the documented Win32
// values; the roles given to the E00xxxxxx helpers are inferred from that RTL source and
// from how their results are used here.
E0041D650(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
	char _v8;
	char _v12;
	char _v16;
	char _v20;
	char _v24;
	char _v28;
	char _v32;
	char _v36;
	char _v40;
	char _v44;
	char _v48;
	char _v52;
	char _v56;
	char _v60;
	int _t54;
	void* _t116;
	void* _t123;
	void* _t146;
	void* _t147;
	intOrPtr _t197;
	signed short _t205;
	int _t207;
	intOrPtr _t209;
	intOrPtr _t210;

	_t204 = __edi;
	_t209 = _t210;
	_t147 = 7;
	do {                                   // 7 x 2 pushes: zero the 14 temporary string slots _v8.._v60
		_push(0);
		_push(0);
		_t147 = _t147 - 1;
	} while (_t147 != 0);
	_push(__edi);
	_t146 = __edx;                         // Delphi register convention: edx = pointer to the record being filled
	_t207 = __eax;                         // eax = LCID requested by the caller
	_push(_t209);
	_push(0x41d91b);
	_push( *[fs:eax]);
	 *[fs:eax] = _t210;                    // install the try/finally frame whose handler (0x41d922) frees the temporaries
	_t54 = IsValidLocale(__eax, 1);        // 1 = LCID_INSTALLED
	_t212 = _t54;
	if(_t54 == 0) {
		_t207 = GetThreadLocale();         // requested locale not installed: use the calling thread's locale
	}
	E0041DB08(_t207, _t146, _t146, _t204, _t207);   // month/day name tables of the record (inferred)
	E0041DBC4(_t207, _t146, _t146, _t204, _t207);
	E0041D5D8(_t207, 0, 0x14,  &_v20);                      // LOCALE_SCURRENCY, default ''
	E00406A38(_t146, _v20);                                 // CurrencyString
	E0041D5D8(_t207, 0x41d938, 0x1b,  &_v24);               // LOCALE_ICURRENCY, default '0'
	 *((char*)(_t146 + 4)) = E004193D8(0x41d938, 0, _t212);   // StrToIntDef(..., 0) -> CurrencyFormat
	E0041D5D8(_t207, 0x41d938, 0x1c,  &_v28);               // LOCALE_INEGCURR
	 *((char*)(_t146 + 0xc2)) = E004193D8(0x41d938, 0, _t212); // NegCurrFormat
	 *((short*)(_t146 + 0xbc)) = E0041D624(_t207, 0x2c, 0xf);  // LOCALE_STHOUSAND, default ',' (0x2c) -> ThousandSeparator
	 *((short*)(_t146 + 0xbe)) = E0041D624(_t207, 0x2e, 0xe);  // LOCALE_SDECIMAL, default '.' (0x2e) -> DecimalSeparator
	E0041D5D8(_t207, 0x41d938, 0x19,  &_v32);               // LOCALE_ICURRDIGITS
	 *((char*)(_t146 + 5)) = E004193D8(0x41d938, 0, _t212);   // CurrencyDecimals
	_t205 = E0041D624(_t207, 0x2f, 0x1d);                   // LOCALE_SDATE, default '/' (0x2f)
	 *(_t146 + 6) = _t205;                                   // DateSeparator
	_push(_t205);
	E0041DCD4(_t207, _t146, L"m/d/yy", 0x1f, _t205, _t207, _t212,  &_v36);        // LOCALE_SSHORTDATE translated to a date picture, default "m/d/yy"
	E00406A38(_t146 + 0xc, _v36);                           // ShortDateFormat
	_push( *(_t146 + 6) & 0x0000ffff);
	E0041DCD4(_t207, _t146, L"mmmm d, yyyy", 0x20, _t205, _t207, _t212,  &_v40);  // LOCALE_SLONGDATE, default "mmmm d, yyyy"
	E00406A38(_t146 + 0x10, _v40);                          // LongDateFormat
	 *((short*)(_t146 + 8)) = E0041D624(_t207, 0x3a, 0x1e);  // LOCALE_STIME, default ':' (0x3a) -> TimeSeparator
	E0041D5D8(_t207, 0x41d98c, 0x28,  &_v44);               // LOCALE_S1159 -> TimeAMString
	E00406A38(_t146 + 0x14, _v44);
	E0041D5D8(_t207, 0x41d9a0, 0x29,  &_v48);               // LOCALE_S2359 -> TimePMString
	E00406A38(_t146 + 0x18, _v48);
	E00406658( &_v12);                                      // TimePrefix := ''
	E00406658( &_v16);                                      // TimePostfix := ''
	E0041D5D8(_t207, 0x41d938, 0x25,  &_v52);               // LOCALE_ITLZERO: leading zero on the hour?
	_t116 = E004193D8(0x41d938, 0, _t212);
	_t213 = _t116;
	if(_t116 != 0) {
		E00406A80( &_v8, 0x41d9c4);                         // HourFormat := 'hh' (string contents not in this extract; taken from the RTL source)
	} else {
		E00406A80( &_v8, 0x41d9b4);                         // HourFormat := 'h'
	}
	E0041D5D8(_t207, 0x41d938, 0x23,  &_v56);               // LOCALE_ITIME: 0 = 12-hour clock
	_t123 = E004193D8(0x41d938, 0, _t213);
	_t214 = _t123;
	if(_t123 == 0) {
		E0041D5D8(_t207, 0x41d938, 0x1005,  &_v60);         // LOCALE_ITIMEMARKPOSN: 0 = marker trails, otherwise leads
		if(E004193D8(0x41d938, 0, _t214) != 0) {
			E00406A80( &_v12, L"AMPM ");
		} else {
			E00406A80( &_v16, L" AMPM");
		}
	}
	_push(_v12);
	_push(_v8);
	_push(":mm");
	_push(_v16);
	E00407584(_t146 + 0x1c, _t146, 4, _t205, _t207);        // 4-way concat: ShortTimeFormat := TimePrefix + HourFormat + ':mm' + TimePostfix
	_push(_v12);
	_push(_v8);
	_push(L":mm:ss");
	_push(_v16);
	E00407584(_t146 + 0x20, _t146, 4, _t205, _t207);        // LongTimeFormat := TimePrefix + HourFormat + ':mm:ss' + TimePostfix
	 *((short*)(_t146 + 0xa)) = E0041D624(_t207, 0x2c, 0xc);   // LOCALE_SLIST, default ',' -> ListSeparator
	 *((short*)(_t146 + 0xc0)) = 0x32;                       // TwoDigitYearCenturyWindow := 50
	_pop(_t197);
	 *[fs:eax] = _t197;                                      // restore the previous exception frame
	_push(0x41d922);
	return E004066B8( &_v60, 0xe);                           // finally: release the 14 temporary strings
}
(Disassembly listing for E0041D650: only the address column, 0x0041d650 to 0x0041d6c5, survived extraction; the opcode and instruction columns are not on this page.)
                                                                                                                                                0x0041d6d4
                                                                                                                                                0x0041d6e7
                                                                                                                                                0x0041d6f6
                                                                                                                                                0x0041d70c
                                                                                                                                                0x0041d723
                                                                                                                                                0x0041d73a
                                                                                                                                                0x0041d749
                                                                                                                                                0x0041d75c
                                                                                                                                                0x0041d75e
                                                                                                                                                0x0041d762
                                                                                                                                                0x0041d773
                                                                                                                                                0x0041d77e
                                                                                                                                                0x0041d787
                                                                                                                                                0x0041d798
                                                                                                                                                0x0041d7a3
                                                                                                                                                0x0041d7b8
                                                                                                                                                0x0041d7cc
                                                                                                                                                0x0041d7d7
                                                                                                                                                0x0041d7ec
                                                                                                                                                0x0041d7f7
                                                                                                                                                0x0041d7ff
                                                                                                                                                0x0041d807
                                                                                                                                                0x0041d81c
                                                                                                                                                0x0041d826
                                                                                                                                                0x0041d82b
                                                                                                                                                0x0041d82d
                                                                                                                                                0x0041d846
                                                                                                                                                0x0041d82f
                                                                                                                                                0x0041d837
                                                                                                                                                0x0041d837
                                                                                                                                                0x0041d85b
                                                                                                                                                0x0041d865
                                                                                                                                                0x0041d86a
                                                                                                                                                0x0041d86c
                                                                                                                                                0x0041d87e
                                                                                                                                                0x0041d88f
                                                                                                                                                0x0041d8a8
                                                                                                                                                0x0041d891
                                                                                                                                                0x0041d899
                                                                                                                                                0x0041d899
                                                                                                                                                0x0041d88f
                                                                                                                                                0x0041d8ad
                                                                                                                                                0x0041d8b0
                                                                                                                                                0x0041d8b3
                                                                                                                                                0x0041d8b8
                                                                                                                                                0x0041d8c3
                                                                                                                                                0x0041d8c8
                                                                                                                                                0x0041d8cb
                                                                                                                                                0x0041d8ce
                                                                                                                                                0x0041d8d3
                                                                                                                                                0x0041d8de
                                                                                                                                                0x0041d8f3
                                                                                                                                                0x0041d8f7
                                                                                                                                                0x0041d902
                                                                                                                                                0x0041d905
                                                                                                                                                0x0041d908
                                                                                                                                                0x0041d91a

APIs
• IsValidLocale.KERNEL32(?,00000001,00000000,0041D91B,?,?,?,?,00000000,00000000), ref: 0041D677
• GetThreadLocale.KERNEL32(?,00000001,00000000,0041D91B,?,?,?,?,00000000,00000000), ref: 0041D680
  • Part of subcall function 0041D624: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041D70C,?,00000001,00000000,0041D91B), ref: 0041D637
  • Part of subcall function 0041D5D8: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041D5F6
Strings
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Locale$Info$ThreadValid
• String ID: AMPM$2$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
• API String ID: 233154393-3379564615
• Opcode ID: 8c10872fa2866d7b944067105b44def863acfa2919ce0bfe04c86eb51bfe3d54
• Instruction ID: aab801c9097ddfa8edf027946ed711a791b944e9f705da724640f11c4718f36c
• Opcode Fuzzy Hash: 8c10872fa2866d7b944067105b44def863acfa2919ce0bfe04c86eb51bfe3d54
• Instruction Fuzzy Hash: 9B7140B0B001589BDB01FBA5C851ADE77AADF49304F50807BF505BB286DB3CDE868769
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 64%
			E0041E30C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				// install an SEH frame (handler at 0x41e431) around the body
				_push(_t64);
				_push(0x41e431);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				// subcall 0041E114 formats a message into the 0x400-wide-char buffer _v2188;
				// _t61 is the character count used for the conversions below
				_t61 = E0041E114(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				// flag at 0x459058 selects GUI (MessageBox) versus console (stderr) output
				_t17 =  *0x458bac; // 0x459058
				if( *_t17 == 0) {
					_t19 =  *0x4589d0; // 0x40b070
					_t11 = _t19 + 4; // 0xffe7
					_t21 =  *0x45bc50; // 0x400000
					// string resource 0xffe7 loaded as the dialog title (0x40 = 64-wchar buffer)
					LoadStringW(E00408500(_t21),  *_t11,  &_v140, 0x40);
					// 0x2010 = MB_ICONERROR | MB_TASKMODAL
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x458a14; // 0x459340
					E004045D8(E00404948(_t30));
					// code page 1 = CP_OEMCP; the first call only sizes the output buffer
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					// 0040843C takes the size pushed here; _v8 is used as an _t48-byte buffer below
					_push(_t48);
					E0040843C();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					// 0xfffffff4 = STD_ERROR_HANDLE (-12)
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					// trailing 2-byte constant at 0x41e44c written after the message
					WriteFile(GetStdHandle(0xfffffff4), 0x41e44c, 2,  &_v12, 0);
				}
				// unwind the SEH frame
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41e438);
				_t57 =  *0x41e2dc; // 0x41e2e0
				// cleanup of _v8 before returning
				return E00408448( &_v8, _t57);
			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0041E114: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041E2C0), ref: 0041E147
                                                                                                                                                  • Part of subcall function 0041E114: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041E16B
                                                                                                                                                  • Part of subcall function 0041E114: GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 0041E186
                                                                                                                                                  • Part of subcall function 0041E114: LoadStringW.USER32(00000000,0000FFE6,?,00000100), ref: 0041E221
                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041E431), ref: 0041E36D
                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041E3A0
                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041E3B2
                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041E3B8
                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,0041E44C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041E3CC
                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F4,0041E44C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041E3D2
                                                                                                                                                • LoadStringW.USER32(00000000,0000FFE7,?,00000040), ref: 0041E3F6
                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041E410
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                                                                                                • String ID: A
                                                                                                                                                • API String ID: 135118572-2078354741
                                                                                                                                                • Opcode ID: 7ac45a3acab51d75a2f2dadbbea233182d042c34b14c6a342813a07329c7e551
                                                                                                                                                • Instruction ID: 55599a1ca590ccb82f33507a8a68a28fb6003423f3e15d682d30780ee5212ca2
                                                                                                                                                • Opcode Fuzzy Hash: 7ac45a3acab51d75a2f2dadbbea233182d042c34b14c6a342813a07329c7e551
                                                                                                                                                • Instruction Fuzzy Hash: 533161B5640204BEE714E765DD43FDA73ACEB04704FA0407ABA04F61D2DE78AE508B6D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 82%
			E004063C0(void* __ecx) {
				long _v4;
				int _t3;
				void* _t9;

				/* Runtime-error reporter. The literal is exactly 29 bytes (0x1d), matching the
				   length passed to WriteFile below; the padded error number and zero address
				   are left as they appear in the binary. */
				if( *0x459058 == 0) {
					/* Non-console build: report through a message box instead of a console handle.
					   Note _t3 is returned uninitialised when the inner test fails (decompiler artifact). */
					if( *0x45702e == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					/* Indirect call through a function pointer at 0x45935c, only taken when the
					   word at 0x459344 holds the magic value 0xd7b2 and the counter at 0x45934c is positive. */
					if( *0x459344 == 0xd7b2 &&  *0x45934c > 0) {
						 *0x45935c();
					}
					/* 0xfffffff5 == -11 == STD_OUTPUT_HANDLE: the console path writes the message to stdout
					   (the API listing below prints this argument as 000000F5). */
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00406ED0(0x406454);
					/* Second write of a 2-byte string obtained from E00406ED0, to the same handle. */
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}

Instruction addresses for the decompiled statements above: 0x004063c8, 0x0040642e, 0x0040643e, 0x0040643e, 0x00406444, 0x004063ca, 0x004063d3, 0x004063e3, 0x004063e3, 0x004063ff, 0x00406412, 0x00406426, 0x00406426

                                                                                                                                                APIs
                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?,00000000), ref: 004063F9
                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?,?,0040658E,00404573,004045BA,?), ref: 004063FF
                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000,?), ref: 0040641A
                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406479,?,00000000), ref: 00406420
                                                                                                                                                • MessageBoxA.USER32 ref: 0040643E
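The rows above are the raw form a triage script has to consume: a bullet, an optional "Part of subcall function" prefix, Api.MODULE, an optional argument snapshot in parentheses, and a "ref:" call-site address. The following helper is an added example and not part of the Joe Sandbox report or its tooling; it assumes only the row shape visible on this page (the constructed sample input is a trimmed copy of four rows from the listings above). It parses the rows into records and decodes the GetStdHandle argument, taking into account that this report prints the nStdHandle DWORD as 000000F5 where the decompiled code passes 0xfffffff5, so a value that fits in one byte is also read as a signed byte.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample input: trimmed copies of four rows from the API listings on
# this page (one "subcall" row, the GetStdHandle/WriteFile pair, and the bare
# MessageBoxA row that carries no argument snapshot).
SAMPLE = """\
• Part of subcall function 0041E114: LoadStringW.USER32(00000000,0000FFE6,?,00000100), ref: 0041E221
• GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000), ref: 004063F9
• WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000), ref: 004063FF
• MessageBoxA.USER32 ref: 0040643E
"""


class ApiCall(NamedTuple):
    api: str                   # e.g. "GetStdHandle"
    module: str                # e.g. "KERNEL32"
    args: List[str]            # raw stack snapshot as printed; not validated as real parameters
    ref: int                   # address of the call site ("ref:")
    subcall_of: Optional[int]  # callee address when the row is "Part of subcall function X"


LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+([0-9A-Fa-f]{8}):\s*)?"
    r"([A-Za-z0-9_]+)\.([A-Za-z0-9_]+)"   # Api.MODULE
    r"(?:\((.*)\))?"                      # optional "(arg,arg,...)" snapshot
    r",?\s*ref:\s*([0-9A-Fa-f]{8})\s*$"
)


def parse_listing(text: str) -> List[ApiCall]:
    """Turn the bullet rows of a sandbox API listing into ApiCall records.

    Rows that do not match the expected shape are skipped rather than guessed at.
    """
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sub, api, module, args, ref = m.groups()
        arglist = [a.strip() for a in args.split(",")] if args is not None else []
        calls.append(ApiCall(api, module, arglist, int(ref, 16),
                             int(sub, 16) if sub else None))
    return calls


# winbase.h: STD_INPUT_HANDLE = -10, STD_OUTPUT_HANDLE = -11, STD_ERROR_HANDLE = -12.
STD_HANDLES = {-10: "STD_INPUT_HANDLE", -11: "STD_OUTPUT_HANDLE", -12: "STD_ERROR_HANDLE"}


def decode_std_handle(arg: str) -> Optional[str]:
    """Map a GetStdHandle nStdHandle snapshot value to its STD_* name, or None.

    The decompiled code on this page passes 0xfffffff5 while the listing prints
    000000F5, so a value that fits in one byte is also tried as a signed byte.
    """
    try:
        v = int(arg, 16)
    except ValueError:
        return None                      # "?" or a string literal, not a number
    if v > 0x7FFFFFFF:
        v -= 1 << 32                     # reinterpret the DWORD as signed
    if v in STD_HANDLES:
        return STD_HANDLES[v]
    if 0 <= v <= 0xFF:
        return STD_HANDLES.get(v - 0x100 if v & 0x80 else v)
    return None


def std_handle_uses(calls: List[ApiCall]):
    """(call-site address, STD_* name) for every GetStdHandle row in the listing."""
    return [(c.ref, decode_std_handle(c.args[0]))
            for c in calls if c.api == "GetStdHandle" and c.args]


if __name__ == "__main__":
    for call in parse_listing(SAMPLE):
        print(f"{call.ref:08X} {call.module}!{call.api} {call.args}")
    print(std_handle_uses(parse_listing(SAMPLE)))
```

The argument list is kept as the printed stack snapshot rather than mapped onto the API's prototype on purpose: in the WriteFile rows above the first slot is 00000000 and the handle constant appears one slot later, so the snapshot does not line up one-to-one with the real parameters and any prototype-based decoding would mislabel them.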
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileHandleWrite$Message
                                                                                                                                                • String ID: Error$Runtime error at 00000000
                                                                                                                                                • API String ID: 1570097196-2970929446
                                                                                                                                                • Opcode ID: 926b46c2746af87e23741f57702d42cf87552e5eecc647b7072c8877725d79e4
                                                                                                                                                • Instruction ID: cc4caa9ed4b409790b6e207eb6143654c82f8d025714f3564ebbcf6fb706f27d
                                                                                                                                                • Opcode Fuzzy Hash: 926b46c2746af87e23741f57702d42cf87552e5eecc647b7072c8877725d79e4
                                                                                                                                                • Instruction Fuzzy Hash: ADF062A1644340F8FA2073A5AE4FF5A268C4744F1AF25453FB915B50D3D6FC8984973E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                			E0040358C(signed int __eax, intOrPtr __edx, void* __edi) {
                                                                                                                                                				signed int __ebx;
                                                                                                                                                				void* __esi;
                                                                                                                                                				signed int _t69;
                                                                                                                                                				signed int _t78;
                                                                                                                                                				signed int _t93;
                                                                                                                                                				long _t94;
                                                                                                                                                				void* _t100;
                                                                                                                                                				signed int _t102;
                                                                                                                                                				signed int _t109;
                                                                                                                                                				signed int _t115;
                                                                                                                                                				signed int _t123;
                                                                                                                                                				signed int _t129;
                                                                                                                                                				void* _t131;
                                                                                                                                                				signed int _t140;
                                                                                                                                                				unsigned int _t148;
                                                                                                                                                				signed int _t150;
                                                                                                                                                				long _t152;
                                                                                                                                                				signed int _t156;
                                                                                                                                                				intOrPtr _t161;
                                                                                                                                                				signed int _t166;
                                                                                                                                                				signed int _t170;
                                                                                                                                                				unsigned int _t171;
                                                                                                                                                				intOrPtr _t174;
                                                                                                                                                				intOrPtr _t193;
                                                                                                                                                				signed int _t196;
                                                                                                                                                				signed int _t197;
                                                                                                                                                				signed int _t198;
                                                                                                                                                				void* _t206;
                                                                                                                                                				unsigned int _t208;
                                                                                                                                                				intOrPtr _t214;
                                                                                                                                                				void* _t226;
                                                                                                                                                				intOrPtr _t228;
                                                                                                                                                				void* _t229;
                                                                                                                                                				signed int _t231;
                                                                                                                                                				void* _t233;
                                                                                                                                                				signed int _t234;
                                                                                                                                                				signed int _t235;
                                                                                                                                                				signed int _t239;
                                                                                                                                                				signed int _t242;
                                                                                                                                                				void* _t244;
                                                                                                                                                				intOrPtr* _t245;
                                                                                                                                                
                                                                                                                                                				_t176 = __edx;
                                                                                                                                                				_t66 = __eax;
                                                                                                                                                				_t166 =  *(__eax - 4);
                                                                                                                                                				_t218 = __eax;
                                                                                                                                                				if((_t166 & 0x00000007) != 0) {
                                                                                                                                                					__eflags = _t166 & 0x00000005;
                                                                                                                                                					if((_t166 & 0x00000005) != 0) {
                                                                                                                                                						_pop(_t218);
                                                                                                                                                						_pop(_t145);
                                                                                                                                                						__eflags = _t166 & 0x00000003;
                                                                                                                                                						if((_t166 & 0x00000003) == 0) {
                                                                                                                                                							_push(_t145);
                                                                                                                                                							_push(__eax);
                                                                                                                                                							_push(__edi);
                                                                                                                                                							_push(_t226);
                                                                                                                                                							_t245 = _t244 + 0xffffffe0;
                                                                                                                                                							_t219 = __edx;
                                                                                                                                                							_t203 = __eax;
                                                                                                                                                							_t69 =  *(__eax - 4);
                                                                                                                                                							_t148 = (0xfffffff0 & _t69) - 0x14;
                                                                                                                                                							if(0xfffffff0 >= __edx) {
                                                                                                                                                								__eflags = __edx - _t148 >> 1;
                                                                                                                                                								if(__edx < _t148 >> 1) {
									_t150 = E00403010(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t219 - 0x40a2c;
										if(_t219 > 0x40a2c) {
											_t78 = _t203 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t219;
										}
										E00402BD0(_t203, _t219, _t150);
										E00403394(_t203, _t203, _t226);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t228 = __edx;
								} else {
									_t228 = 0xbadb9d;
								}
								 *_t245 = _t203 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t245 + 8), _t245 + 8, 0x1c);
								if( *((intOrPtr*)(_t245 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403010(_t228);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t228 - 0x40a2c;
										if(_t228 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t219;
										}
										E00402BA0(_t203,  *((intOrPtr*)(_t203 - 0x10 + 8)), _t150);
										E00403394(_t203, _t203, _t228);
									}
								} else {
									 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0xffff0000;
									_t94 =  *(_t245 + 0x10);
									if(_t219 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t228 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t245 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t245 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t203 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t219;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t203;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t206 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t226);
						if(__edx > _t171) {
							_t102 =  *(_t206 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t229 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t208 = _t171;
								_t109 = E00403010(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t193 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t229 - 0x40a2c;
									if(_t229 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t193;
									}
									_t231 = _t109;
									E00402BA0(_t218, _t208, _t109);
									E00403394(_t218, _t208, _t231);
									return _t231;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t233 = _t171 + _t115;
								__eflags = __edx - _t233;
								if(__edx > _t233) {
									goto L75;
								} else {
									__eflags =  *0x459059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00402BEC(_t206);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t196 = _t233 + 4 - _t123;
										__eflags = _t196;
										if(_t196 > 0) {
											 *(_t218 + _t233 - 4) = _t196;
											 *((intOrPtr*)(_t218 - 4 + _t123)) = _t196 + 3;
											_t234 = _t123;
											__eflags = _t196 - 0xb30;
											if(_t196 >= 0xb30) {
												__eflags = _t123 + _t218;
												E00402C2C(_t123 + _t218, _t171, _t196);
											}
										} else {
											 *(_t218 + _t233) =  *(_t218 + _t233) & 0xfffffff7;
											_t234 = _t233 + 4;
										}
										_t235 = _t234 | _t156;
										__eflags = _t235;
										 *(_t218 - 4) = _t235;
										 *0x459a68 = 0;
										_t109 = _t218;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x459a68], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x459909;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x459a68], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t218 - 4);
										_t129 =  *(_t206 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x459a68 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t233 = _t171 + _t115;
											__eflags = _t176 - _t233;
											if(_t176 > _t233) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t239 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t239;
									__eflags =  *0x459059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x459a68], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x459909;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x459a68], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
                                                                                                                                                											break;
                                                                                                                                                										}
                                                                                                                                                										_t156 = 0x0000000f &  *(_t218 - 4);
                                                                                                                                                										__eflags = 0xf;
                                                                                                                                                									}
                                                                                                                                                									 *(_t218 - 4) = _t156 | _t239;
                                                                                                                                                									_t161 = _t174;
                                                                                                                                                									_t197 =  *(_t206 - 4);
                                                                                                                                                									__eflags = _t197 & 0x00000001;
                                                                                                                                                									if((_t197 & 0x00000001) != 0) {
                                                                                                                                                										_t131 = _t206;
                                                                                                                                                										_t198 = _t197 & 0xfffffff0;
                                                                                                                                                										_t161 = _t161 + _t198;
                                                                                                                                                										_t206 = _t206 + _t198;
                                                                                                                                                										__eflags = _t198 - 0xb30;
                                                                                                                                                										if(_t198 >= 0xb30) {
                                                                                                                                                											E00402BEC(_t131);
                                                                                                                                                										}
                                                                                                                                                									} else {
                                                                                                                                                										 *(_t206 - 4) = _t197 | 0x00000008;
                                                                                                                                                									}
                                                                                                                                                									 *((intOrPtr*)(_t206 - 8)) = _t161;
                                                                                                                                                									 *((intOrPtr*)(_t218 + _t239 - 4)) = _t161 + 3;
                                                                                                                                                									__eflags = _t161 - 0xb30;
                                                                                                                                                									if(_t161 >= 0xb30) {
                                                                                                                                                										E00402C2C(_t218 + _t239, _t174, _t161);
                                                                                                                                                									}
                                                                                                                                                									 *0x459a68 = 0;
                                                                                                                                                									return _t218;
                                                                                                                                                								} else {
                                                                                                                                                									__eflags = __edx - 0x2cc;
                                                                                                                                                									if(__edx < 0x2cc) {
                                                                                                                                                										_t214 = __edx;
                                                                                                                                                										_t140 = E00403010(__edx);
                                                                                                                                                										__eflags = _t140;
                                                                                                                                                										if(_t140 != 0) {
                                                                                                                                                											_t242 = _t140;
                                                                                                                                                											E00402BD0(_t218, _t214, _t140);
                                                                                                                                                											E00403394(_t218, _t214, _t242);
                                                                                                                                                											_t140 = _t242;
                                                                                                                                                										}
                                                                                                                                                										return _t140;
                                                                                                                                                									} else {
                                                                                                                                                										_t176 = 0xb2c;
                                                                                                                                                										__eflags = _t171 - 0xb2c;
                                                                                                                                                										if(_t171 <= 0xb2c) {
                                                                                                                                                											goto L37;
                                                                                                                                                										} else {
                                                                                                                                                											goto L41;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								L37:
                                                                                                                                                								return _t66;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					__ebx =  *__ecx;
                                                                                                                                                					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                                					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                					__eflags = __ecx - __edx;
                                                                                                                                                					if(__ecx < __edx) {
                                                                                                                                                						__ecx = __ecx + __ecx + 0x20;
                                                                                                                                                						_push(__edi);
                                                                                                                                                						__edi = __edx;
                                                                                                                                                						__eax = 0;
                                                                                                                                                						__ecx = __ecx - __edx;
                                                                                                                                                						asm("adc eax, 0xffffffff");
                                                                                                                                                						__eax = 0 & __ecx;
                                                                                                                                                						__eax = (0 & __ecx) + __edx;
                                                                                                                                                						__eax = E00403010((0 & __ecx) + __edx);
                                                                                                                                                						__eflags = __eax;
                                                                                                                                                						if(__eax != 0) {
                                                                                                                                                							__eflags = __edi - 0x40a2c;
                                                                                                                                                							if(__edi > 0x40a2c) {
                                                                                                                                                								 *(__eax - 8) = __edi;
                                                                                                                                                							}
                                                                                                                                                							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                							__edx = __eax;
                                                                                                                                                							__edi = __eax;
                                                                                                                                                							 *((intOrPtr*)(__ebx + 0x1c))() = E00403394(__esi, __edi, __ebp);
                                                                                                                                                							__eax = __edi;
                                                                                                                                                						}
                                                                                                                                                						_pop(__edi);
                                                                                                                                                						_pop(__esi);
                                                                                                                                                						_pop(__ebx);
                                                                                                                                                						return __eax;
                                                                                                                                                					} else {
                                                                                                                                                						__ebx = 0x40 + __edx * 4;
                                                                                                                                                						__eflags = 0x40 + __edx * 4 - __ecx;
                                                                                                                                                						if(0x40 + __edx * 4 < __ecx) {
                                                                                                                                                							__ebx = __edx;
                                                                                                                                                							__eax = __edx;
                                                                                                                                                							__eax = E00403010(__edx);
                                                                                                                                                							__eflags = __eax;
                                                                                                                                                							if(__eax != 0) {
                                                                                                                                                								__ecx = __ebx;
                                                                                                                                                								__edx = __eax;
                                                                                                                                                								__ebx = __eax;
                                                                                                                                                								__esi = E00403394(__esi, __edi, __ebp);
                                                                                                                                                								__eax = __ebx;
                                                                                                                                                							}
                                                                                                                                                							_pop(__esi);
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return __eax;
                                                                                                                                                						} else {
                                                                                                                                                							_pop(__esi);
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return __eax;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}
0x0040358c
0x0040358c
0x0040358c
0x00403594
0x00403596
0x00403624
0x00403627
0x00403894
0x00403895
0x00403896
0x00403899
0x00402ec0
0x00402ec1
0x00402ec2
0x00402ec3
0x00402ec4
0x00402ec7
0x00402ec9
0x00402ed0
0x00402ed9
0x00402ede
0x00402fc7
0x00402fc9
0x00402fdc
0x00402fde
0x00402fe0
0x00402fe2
0x00402fe8
0x00402fec
0x00402fec
0x00402fef
0x00402fef
0x00402ff8
0x00402fff
0x00402fff
0x00402fcb
0x00402fcb
0x00402fd0
0x00402fd0
0x00402ee4
0x00402eed
0x00402ef3
0x00402eef
0x00402eef
0x00402eef
0x00402eff
0x00402f0e
0x00402f1b
0x00402f8d
0x00402f94
0x00402f96
0x00402f98
0x00402f9a
0x00402fa0
0x00402fa4
0x00402fa4
0x00402fa7
0x00402fa7
0x00402fb7
0x00402fbe
0x00402fbe
0x00402f1d
0x00402f1d
0x00402f29
0x00402f2f
0x00000000
0x00402f31
0x00402f42
0x00402f46
0x00402f48
0x00402f48
0x00402f5e
0x00000000
0x00402f76
0x00402f78
0x00402f7b
0x00402f86
0x00402f89
0x00402f89
                                                                                                                                                0x00402f5e
                                                                                                                                                0x00402f2f
                                                                                                                                                0x00402f1b
                                                                                                                                                0x0040300d
                                                                                                                                                0x0040389f
                                                                                                                                                0x0040389f
                                                                                                                                                0x004038a1
                                                                                                                                                0x004038a1
                                                                                                                                                0x0040362d
                                                                                                                                                0x0040362f
                                                                                                                                                0x00403632
                                                                                                                                                0x00403633
                                                                                                                                                0x00403636
                                                                                                                                                0x00403639
                                                                                                                                                0x0040363c
                                                                                                                                                0x0040363e
                                                                                                                                                0x0040363f
                                                                                                                                                0x00403754
                                                                                                                                                0x00403757
                                                                                                                                                0x00403759
                                                                                                                                                0x0040384c
                                                                                                                                                0x00403857
                                                                                                                                                0x0040385e
                                                                                                                                                0x00403860
                                                                                                                                                0x00403863
                                                                                                                                                0x00403868
                                                                                                                                                0x00403869
                                                                                                                                                0x0040386b
                                                                                                                                                0x00000000
                                                                                                                                                0x0040386d
                                                                                                                                                0x0040386d
                                                                                                                                                0x00403873
                                                                                                                                                0x00403875
                                                                                                                                                0x00403875
                                                                                                                                                0x00403878
                                                                                                                                                0x00403880
                                                                                                                                                0x00403887
                                                                                                                                                0x00403892
                                                                                                                                                0x00403892
                                                                                                                                                0x0040375f
                                                                                                                                                0x0040375f
                                                                                                                                                0x00403762
                                                                                                                                                0x00403765
                                                                                                                                                0x00403767
                                                                                                                                                0x00000000
                                                                                                                                                0x0040376d
                                                                                                                                                0x0040376d
                                                                                                                                                0x00403774
                                                                                                                                                0x004037d1
                                                                                                                                                0x004037d1
                                                                                                                                                0x004037d6
                                                                                                                                                0x004037dc
                                                                                                                                                0x004037e1
                                                                                                                                                0x004037e2
                                                                                                                                                0x004037e2
                                                                                                                                                0x004037ee
                                                                                                                                                0x004037ff
                                                                                                                                                0x00403805
                                                                                                                                                0x00403805
                                                                                                                                                0x00403807
                                                                                                                                                0x00403814
                                                                                                                                                0x0040381b
                                                                                                                                                0x0040381f
                                                                                                                                                0x00403821
                                                                                                                                                0x00403827
                                                                                                                                                0x00403829
                                                                                                                                                0x0040382b
                                                                                                                                                0x0040382b
                                                                                                                                                0x00403809
                                                                                                                                                0x00403809
                                                                                                                                                0x0040380d
                                                                                                                                                0x0040380d
                                                                                                                                                0x00403830
                                                                                                                                                0x00403830
                                                                                                                                                0x00403832
                                                                                                                                                0x00403835
                                                                                                                                                0x0040383c
                                                                                                                                                0x0040383e
                                                                                                                                                0x00403842
                                                                                                                                                0x00403776
                                                                                                                                                0x00403776
                                                                                                                                                0x0040377b
                                                                                                                                                0x00403783
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403785
                                                                                                                                                0x00403787
                                                                                                                                                0x0040378e
                                                                                                                                                0x00000000
                                                                                                                                                0x00403790
                                                                                                                                                0x00403794
                                                                                                                                                0x00403799
                                                                                                                                                0x0040379a
                                                                                                                                                0x004037a0
                                                                                                                                                0x004037a8
                                                                                                                                                0x004037ae
                                                                                                                                                0x004037b3
                                                                                                                                                0x004037b4
                                                                                                                                                0x00000000
                                                                                                                                                0x004037b4
                                                                                                                                                0x004037a8
                                                                                                                                                0x00000000
                                                                                                                                                0x0040378e
                                                                                                                                                0x004037bd
                                                                                                                                                0x004037c0
                                                                                                                                                0x004037c3
                                                                                                                                                0x004037c5
                                                                                                                                                0x00403845
                                                                                                                                                0x00403845
                                                                                                                                                0x00000000
                                                                                                                                                0x004037c7
                                                                                                                                                0x004037c7
                                                                                                                                                0x004037ca
                                                                                                                                                0x004037cd
                                                                                                                                                0x004037cf
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004037cf
                                                                                                                                                0x004037c5
                                                                                                                                                0x00403774
                                                                                                                                                0x00403767
                                                                                                                                                0x00403645
                                                                                                                                                0x00403648
                                                                                                                                                0x0040364a
                                                                                                                                                0x00403654
                                                                                                                                                0x0040365a
                                                                                                                                                0x00403671
                                                                                                                                                0x00403671
                                                                                                                                                0x0040367d
                                                                                                                                                0x00403683
                                                                                                                                                0x00403685
                                                                                                                                                0x0040368c
                                                                                                                                                0x0040368e
                                                                                                                                                0x00403693
                                                                                                                                                0x0040369b
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040369d
                                                                                                                                                0x0040369f
                                                                                                                                                0x004036a6
                                                                                                                                                0x00000000
                                                                                                                                                0x004036a8
                                                                                                                                                0x004036ab
                                                                                                                                                0x004036b0
                                                                                                                                                0x004036b6
                                                                                                                                                0x004036be
                                                                                                                                                0x004036c3
                                                                                                                                                0x004036c8
                                                                                                                                                0x00000000
                                                                                                                                                0x004036c8
                                                                                                                                                0x004036be
                                                                                                                                                0x00000000
                                                                                                                                                0x004036a6
                                                                                                                                                0x004036d1
                                                                                                                                                0x004036d1
                                                                                                                                                0x004036d1
                                                                                                                                                0x004036d6
                                                                                                                                                0x004036d9
                                                                                                                                                0x004036db
                                                                                                                                                0x004036de
                                                                                                                                                0x004036e1
                                                                                                                                                0x004036ec
                                                                                                                                                0x004036ee
                                                                                                                                                0x004036f1
                                                                                                                                                0x004036f3
                                                                                                                                                0x004036f5
                                                                                                                                                0x004036fb
                                                                                                                                                0x004036fd
                                                                                                                                                0x004036fd
                                                                                                                                                0x004036e3
                                                                                                                                                0x004036e6
                                                                                                                                                0x004036e6
                                                                                                                                                0x00403702
                                                                                                                                                0x00403708
                                                                                                                                                0x0040370c
                                                                                                                                                0x00403712
                                                                                                                                                0x00403719
                                                                                                                                                0x00403719
                                                                                                                                                0x0040371e

Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 012209b30cc801163652af7e4b736ed274403e160edede91c25d6155e4caf54c
• Instruction ID: a9e8ad43e41bb6af7581f793d0e86e1b3182607fceafd5322bf430c23f80b29c
• Opcode Fuzzy Hash: 012209b30cc801163652af7e4b736ed274403e160edede91c25d6155e4caf54c
• Instruction Fuzzy Hash: EFC127A27102014BD714AE7DDD8836EBA899BC4316F18867FF604DB3D6DABCCE458348
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 98%
E00403DFA(void* __eax) {
	void* _v8;
	char _v110600;
	char _v112644;
	char _v112645;
	signed int _v112652;
	char _v112653;
	char _v112654;
	char _v112660;
	intOrPtr _v112664;
	intOrPtr _v112668;
	intOrPtr _v112672;
	signed short* _v112676;
	void* _v112680;
	char _v129064;
	char _v131113;
	char _v161832;
	void* _t74;
	int _t80;
	intOrPtr _t83;
	intOrPtr _t94;
	CHAR* _t98;
	intOrPtr _t100;
	void* _t112;
	intOrPtr _t113;
	intOrPtr _t119;
	intOrPtr _t124;
	void* _t134;
	intOrPtr _t135;
	intOrPtr _t139;
	signed int _t149;
	int _t154;
	intOrPtr _t155;
	char* _t157;
	char* _t158;
	char* _t159;
	char* _t160;
	char* _t161;
	char* _t162;
	char* _t164;
	char* _t165;
	char* _t170;
	char* _t171;
	intOrPtr _t203;
	void* _t205;
	void* _t206;
	intOrPtr* _t209;
	void* _t211;
	void* _t212;
	signed int _t217;
	void* _t221;
	void* _t223;
	void* _t237;

	_t221 = _t223;
	_push(__eax);
	_t74 = 0x27;
	goto L2;
	L13:
	while(_t203 != 0x459a58) {
		_t80 = E004038FC(_t203);
		_t154 = _t80;
		__eflags = _t154;
		if(_t154 == 0) {
			L12:
			_t20 = _t203 + 4; // 0x459a58
			_t203 =  *_t20;
			continue;
		} else {
			goto L5;
		}
		do {
			L5:
			_t217 =  *(_t154 - 4);
			__eflags = _t217 & 0x00000001;
			if((_t217 & 0x00000001) == 0) {
				__eflags = _t217 & 0x00000004;
				if(__eflags == 0) {
					__eflags = _v112652 - 0x1000;
					if(_v112652 < 0x1000) {
						_v112664 = (_t217 & 0xfffffff0) - 4;
						_t149 = E00403BE8(_t154);
						__eflags = _t149;
						if(_t149 == 0) {
							_v112645 = 0;
							 *((intOrPtr*)(_t221 + _v112652 * 4 - 0x1f824)) = _v112664;
							_t18 =  &_v112652;
							 *_t18 = _v112652 + 1;
							__eflags =  *_t18;
						}
					}
				} else {
					E00403C40(_t154, __eflags, _t221);
				}
			}
			_t80 = E004038D8(_t154);
			_t154 = _t80;
			__eflags = _t154;
		} while (_t154 != 0);
		goto L12;
	}
	_t155 =  *0x45bb00; // 0x45bafc
	while(_t155 != 0x45bafc && _v112652 < 0x1000) {
		_t80 = E00403BE8(_t155 + 0x10);
		__eflags = _t80;
		if(_t80 == 0) {
                                                                                                                                                						_v112645 = 0;
                                                                                                                                                						_t22 = _t155 + 0xc; // 0x0
                                                                                                                                                						_t80 = _v112652;
                                                                                                                                                						 *((intOrPtr*)(_t221 + _t80 * 4 - 0x1f824)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
                                                                                                                                                						_t27 =  &_v112652;
                                                                                                                                                						 *_t27 = _v112652 + 1;
                                                                                                                                                						__eflags =  *_t27;
                                                                                                                                                					}
                                                                                                                                                					_t29 = _t155 + 4; // 0x45bafc
                                                                                                                                                					_t155 =  *_t29;
                                                                                                                                                				}
                                                                                                                                                				if(_v112645 != 0) {
                                                                                                                                                					L55:
                                                                                                                                                					return _t80;
                                                                                                                                                				}
                                                                                                                                                				_v112653 = 0;
                                                                                                                                                				_v112668 = 0;
                                                                                                                                                				_t83 =  *0x45704c; // 0x402980
                                                                                                                                                				_t157 = E004039C8(E00406B68(_t83),  &_v161832);
                                                                                                                                                				_v112660 = 0x37;
                                                                                                                                                				_v112676 = 0x457072;
                                                                                                                                                				_v112680 =  &_v110600;
                                                                                                                                                				do {
                                                                                                                                                					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
                                                                                                                                                					_v112654 = 0;
                                                                                                                                                					_t205 = 0xff;
                                                                                                                                                					_t209 = _v112680;
                                                                                                                                                					while(_t157 <=  &_v131113) {
                                                                                                                                                						if( *_t209 > 0) {
                                                                                                                                                							if(_v112653 == 0) {
                                                                                                                                                								_t139 =  *0x457050; // 0x4029ac
                                                                                                                                                								_t157 = E004039C8(E00406B68(_t139), _t157);
                                                                                                                                                								_v112653 = 1;
                                                                                                                                                							}
                                                                                                                                                							if(_v112654 != 0) {
                                                                                                                                                								 *_t157 = 0x2c;
                                                                                                                                                								_t162 = _t157 + 1;
                                                                                                                                                								 *_t162 = 0x20;
                                                                                                                                                								_t163 = _t162 + 1;
                                                                                                                                                								__eflags = _t162 + 1;
                                                                                                                                                							} else {
                                                                                                                                                								 *_t157 = 0xd;
                                                                                                                                                								 *((char*)(_t157 + 1)) = 0xa;
                                                                                                                                                								_t170 = E00403978(_v112668 + 1, _t157 + 2);
                                                                                                                                                								 *_t170 = 0x20;
                                                                                                                                                								_t171 = _t170 + 1;
                                                                                                                                                								 *_t171 = 0x2d;
                                                                                                                                                								 *((char*)(_t171 + 1)) = 0x20;
                                                                                                                                                								_t134 = E00403978(_v112672, _t171 + 2);
                                                                                                                                                								_t135 =  *0x457058; // 0x402a14
                                                                                                                                                								_t163 = E004039C8(E00406B68(_t135), _t134);
                                                                                                                                                								_v112654 = 1;
                                                                                                                                                							}
                                                                                                                                                							_t112 = _t205 - 1;
                                                                                                                                                							_t237 = _t112;
                                                                                                                                                							if(_t237 < 0) {
                                                                                                                                                								_t113 =  *0x45705c; // 0x402a20
                                                                                                                                                								_t164 = E004039C8(E00406B68(_t113), _t163);
                                                                                                                                                							} else {
                                                                                                                                                								if(_t237 == 0) {
                                                                                                                                                									_t119 =  *0x457060; // 0x402a28
                                                                                                                                                									_t164 = E004039C8(E00406B68(_t119), _t163);
                                                                                                                                                								} else {
                                                                                                                                                									if(_t112 == 1) {
                                                                                                                                                										_t124 =  *0x457064; // 0x402a34
                                                                                                                                                										_t164 = E004039C8(E00406B68(_t124), _t163);
                                                                                                                                                									} else {
                                                                                                                                                										_t164 = E004039E0( *((intOrPtr*)(_t209 - 4)), _t163);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							 *_t164 = 0x20;
                                                                                                                                                							_t165 = _t164 + 1;
                                                                                                                                                							 *_t165 = 0x78;
                                                                                                                                                							 *((char*)(_t165 + 1)) = 0x20;
                                                                                                                                                							_t157 = E00403978( *_t209, _t165 + 2);
                                                                                                                                                						}
                                                                                                                                                						_t205 = _t205 - 1;
                                                                                                                                                						_t209 = _t209 - 8;
                                                                                                                                                						if(_t205 != 0xffffffff) {
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                							goto L40;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					L40:
                                                                                                                                                					if(_v112654 != 0 ||  *0x459a56 == 0 || (_v112672 + 0x00000004 & 0x0000000f) == 0) {
                                                                                                                                                						_v112668 = _v112672;
                                                                                                                                                					}
                                                                                                                                                					_v112680 = _v112680 + 0x800;
                                                                                                                                                					_v112676 =  &(_v112676[0x10]);
                                                                                                                                                					_t61 =  &_v112660;
                                                                                                                                                					 *_t61 = _v112660 - 1;
                                                                                                                                                				} while ( *_t61 != 0);
                                                                                                                                                				if(_v112652 <= 0) {
                                                                                                                                                					L54:
                                                                                                                                                					_t94 =  *0x457068; // 0x402a44
                                                                                                                                                					E004039C8(E00406B68(_t94), _t157);
                                                                                                                                                					_t98 =  *0x45706c; // 0x402a48
                                                                                                                                                					_t80 = MessageBoxA(0,  &_v161832, _t98, 0x2010);
                                                                                                                                                					goto L55;
                                                                                                                                                				}
                                                                                                                                                				if(_v112653 != 0) {
                                                                                                                                                					 *_t157 = 0xd;
                                                                                                                                                					_t159 = _t157 + 1;
                                                                                                                                                					 *_t159 = 0xa;
                                                                                                                                                					_t160 = _t159 + 1;
                                                                                                                                                					 *_t160 = 0xd;
                                                                                                                                                					_t161 = _t160 + 1;
                                                                                                                                                					 *_t161 = 0xa;
                                                                                                                                                					_t157 = _t161 + 1;
                                                                                                                                                				}
                                                                                                                                                				_t100 =  *0x457054; // 0x4029d4
                                                                                                                                                				_t157 = E004039C8(E00406B68(_t100), _t157);
                                                                                                                                                				_t211 = _v112652 - 1;
                                                                                                                                                				if(_t211 >= 0) {
                                                                                                                                                					_t212 = _t211 + 1;
                                                                                                                                                					_t206 = 0;
                                                                                                                                                					_v112680 =  &_v129064;
                                                                                                                                                 					L50:
                                                                                                                                                					if(_t206 != 0) {
                                                                                                                                                						 *_t157 = 0x2c;
                                                                                                                                                						_t158 = _t157 + 1;
                                                                                                                                                						 *_t158 = 0x20;
                                                                                                                                                						_t157 = _t158 + 1;
                                                                                                                                                					}
                                                                                                                                                					_t157 = E00403978( *_v112680, _t157);
                                                                                                                                                					if(_t157 >  &_v131113) {
                                                                                                                                                						goto L54;
                                                                                                                                                					}
                                                                                                                                                					_t206 = _t206 + 1;
                                                                                                                                                					_v112680 = _v112680 + 4;
                                                                                                                                                					_t212 = _t212 - 1;
                                                                                                                                                					if(_t212 != 0) {
                                                                                                                                                						goto L50;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L2:
                                                                                                                                                				_t223 = _t223 + 0xfffff004;
                                                                                                                                                				_push(_t74);
                                                                                                                                                				_t74 = _t74 - 1;
                                                                                                                                                				if(_t74 != 0) {
                                                                                                                                                					goto L2;
                                                                                                                                                				} else {
                                                                                                                                                					E004049AC( &_v112644, 0x1b800);
                                                                                                                                                					E004049AC( &_v129064, 0x4000);
                                                                                                                                                					_t80 = 0;
                                                                                                                                                					_v112652 = 0;
                                                                                                                                                					_v112645 = 1;
                                                                                                                                                					_t203 =  *0x459a5c; // 0x459a58
                                                                                                                                                					goto L13;
                                                                                                                                                				}
                                                                                                                                                			}
                                                                                                                                                0x00403e80
                                                                                                                                                0x00403e85
                                                                                                                                                0x00403e7b
                                                                                                                                                0x00403ecd
                                                                                                                                                0x00403ed2
                                                                                                                                                0x00403ed4
                                                                                                                                                0x00403ed4
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e66
                                                                                                                                                0x00403ee7
                                                                                                                                                0x00403f26
                                                                                                                                                0x00403ef4
                                                                                                                                                0x00403ef9
                                                                                                                                                0x00403efb
                                                                                                                                                0x00403efd
                                                                                                                                                0x00403f04
                                                                                                                                                0x00403f10
                                                                                                                                                0x00403f16
                                                                                                                                                0x00403f1d
                                                                                                                                                0x00403f1d
                                                                                                                                                0x00403f1d
                                                                                                                                                0x00403f1d
                                                                                                                                                0x00403f23
                                                                                                                                                0x00403f23
                                                                                                                                                0x00403f23
                                                                                                                                                0x00403f41
                                                                                                                                                0x004041f5
                                                                                                                                                0x004041fb
                                                                                                                                                0x004041fb
                                                                                                                                                0x00403f47
                                                                                                                                                0x00403f50
                                                                                                                                                0x00403f56
                                                                                                                                                0x00403f72
                                                                                                                                                0x00403f74
                                                                                                                                                0x00403f7e
                                                                                                                                                0x00403f8e
                                                                                                                                                0x00403f94
                                                                                                                                                0x00403fa0
                                                                                                                                                0x00403fa6
                                                                                                                                                0x00403fad
                                                                                                                                                0x00403fb8
                                                                                                                                                0x00403fba
                                                                                                                                                0x00403fcb
                                                                                                                                                0x00403fd8
                                                                                                                                                0x00403fda
                                                                                                                                                0x00403ff2
                                                                                                                                                0x00403ff4
                                                                                                                                                0x00403ff4
                                                                                                                                                0x00404002
                                                                                                                                                0x0040405a
                                                                                                                                                0x0040405d
                                                                                                                                                0x0040405e
                                                                                                                                                0x00404061
                                                                                                                                                0x00404061
                                                                                                                                                0x00404004
                                                                                                                                                0x00404004
                                                                                                                                                0x00404008
                                                                                                                                                0x0040401a
                                                                                                                                                0x0040401c
                                                                                                                                                0x0040401f
                                                                                                                                                0x00404020
                                                                                                                                                0x00404024
                                                                                                                                                0x00404030
                                                                                                                                                0x00404037
                                                                                                                                                0x0040404f
                                                                                                                                                0x00404051
                                                                                                                                                0x00404051
                                                                                                                                                0x00404064
                                                                                                                                                0x00404064
                                                                                                                                                0x00404067
                                                                                                                                                0x00404070
                                                                                                                                                0x00404088
                                                                                                                                                0x00404069
                                                                                                                                                0x00404069
                                                                                                                                                0x0040408c
                                                                                                                                                0x004040a4
                                                                                                                                                0x0040406b
                                                                                                                                                0x0040406c
                                                                                                                                                0x004040a8
                                                                                                                                                0x004040c0
                                                                                                                                                0x0040406e
                                                                                                                                                0x004040ce
                                                                                                                                                0x004040ce
                                                                                                                                                0x0040406c
                                                                                                                                                0x00404069
                                                                                                                                                0x004040d0
                                                                                                                                                0x004040d3
                                                                                                                                                0x004040d4
                                                                                                                                                0x004040d8
                                                                                                                                                0x004040e5
                                                                                                                                                0x004040e5
                                                                                                                                                0x004040e7
                                                                                                                                                0x004040e8
                                                                                                                                                0x004040ee
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004040ee
                                                                                                                                                0x004040f4
                                                                                                                                                0x004040fb
                                                                                                                                                0x00404119
                                                                                                                                                0x00404119
                                                                                                                                                0x0040411f
                                                                                                                                                0x00404129
                                                                                                                                                0x00404130
                                                                                                                                                0x00404130
                                                                                                                                                0x00404130
                                                                                                                                                0x00404143
                                                                                                                                                0x004041c4
                                                                                                                                                0x004041c4
                                                                                                                                                0x004041d7
                                                                                                                                                0x004041e1
                                                                                                                                                0x004041f0
                                                                                                                                                0x00000000
                                                                                                                                                0x004041f0
                                                                                                                                                0x0040414c
                                                                                                                                                0x0040414e
                                                                                                                                                0x00404151
                                                                                                                                                0x00404152
                                                                                                                                                0x00404155
                                                                                                                                                0x00404156
                                                                                                                                                0x00404159
                                                                                                                                                0x0040415a
                                                                                                                                                0x0040415d
                                                                                                                                                0x0040415d
                                                                                                                                                0x0040415e
                                                                                                                                                0x00404176
                                                                                                                                                0x0040417e
                                                                                                                                                0x00404181
                                                                                                                                                0x00404183
                                                                                                                                                0x00404184
                                                                                                                                                0x0040418c
                                                                                                                                                0x00000000
                                                                                                                                                0x00404192
                                                                                                                                                0x00404194
                                                                                                                                                0x00404196
                                                                                                                                                0x00404199
                                                                                                                                                0x0040419a
                                                                                                                                                0x0040419d
                                                                                                                                                0x0040419d
                                                                                                                                                0x004041ad
                                                                                                                                                0x004041b7
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004041b9
                                                                                                                                                0x004041ba
                                                                                                                                                0x004041c1
                                                                                                                                                0x004041c2
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004041c2
                                                                                                                                                0x00403e05
                                                                                                                                                0x00403e05
                                                                                                                                                0x00403e0b
                                                                                                                                                0x00403e0c
                                                                                                                                                0x00403e0d
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e0f
                                                                                                                                                0x00403e28
                                                                                                                                                0x00403e3a
                                                                                                                                                0x00403e3f
                                                                                                                                                0x00403e41
                                                                                                                                                0x00403e47
                                                                                                                                                0x00403e4e
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e4e

Strings
Memory Dump Source
• Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID:
• String ID: $7$D*@$H*@$rpE
• API String ID: 0-2939116076
• Opcode ID: 89193499d3bf5b5d04dbc3245125499046023f5625875a3cf8553686718b4ad0
• Instruction ID: a2a7225ccdca6f85d27b7bd5674335df368a042e8a6d5b72a154ea53205562a8
• Opcode Fuzzy Hash: 89193499d3bf5b5d04dbc3245125499046023f5625875a3cf8553686718b4ad0
• Instruction Fuzzy Hash: A581A170A042548FDB21EB2DCC84B99BBE4AB49705F0441F6E149FB3C2DB789E85CB59
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
/* Analyst note: the object layout this routine touches (+0 lock count byte,
   +4 recursion count, +8 owning thread id, +0x10 spin count), the 0xffffffff
   INFINITE sentinel tested against the timeout in __edx, the bounded spin
   phase followed by a wait through the function table at 0x4598f8 (+0x10),
   and the GetTickCount budget bookkeeping match the structure of Delphi's
   System.TMonitor.Enter(Timeout). Treat it as runtime-library code rather
   than sample-specific logic. E00402728 behaves as a compare-and-exchange on
   the lock count; _t76 is the decompiler's handle on the stack frame:
   [0] result, [1] done flag, [4] start tick, [8] end tick. */
E00405608(signed char* __eax, void* __ecx, void* __edx, void* __eflags) {
    long _t46;    /* elapsed ticks; this declaration is missing from the decompiler output */
    void* _t49;
    long _t52;
    signed char _t53;
    signed char _t54;
    intOrPtr _t55;
    signed char _t56;
    signed char _t57;
    void* _t73;
    signed char* _t74;
    intOrPtr _t75;
    signed char* _t76;

    _t73 = __edx;                              /* timeout in ms, 0xffffffff = INFINITE */
    _t74 = __eax;                              /* the lock object */
    _t75 =  *((intOrPtr*)(__eax + 0x10));      /* spin count */
    while(1) {
        L1:
         *_t76 = E004058B8(_t74);               /* TryEnter */
        if( *_t76 != 0 || _t73 == 0) {
            break;                             /* acquired, or zero timeout: single attempt only */
        }
        _t76[1] = 0;
        if(_t75 <= 0) {
            while(1) {
                L17:
                _t53 =  *_t74;
                if(_t53 == 0) {
                    goto L1;
                }
                if(_t53 != E00402728(_t74, _t53)) {
                    continue;
                } else {
                    goto L19;
                }
                do {
                    L19:                       /* blocking phase: wait, then recompute the budget */
                    _t76[4] = GetTickCount();
                    E00405804(_t74);
                    _t55 =  *0x4598f8; // 0x458604
                     *((intOrPtr*)(_t55 + 0x10))();
                     *_t76 = 0 == 0;            /* the wait's return value was dropped by the decompiler; the compare is against it (0 = signalled) */
                    if(_t73 != 0xffffffff) {
                        _t76[8] = GetTickCount();
                        if(_t73 <= _t76[8] - _t76[4]) {
                            _t73 = 0;
                        } else {
                            _t73 = _t73 - _t76[8] - _t76[4];   /* decompiler dropped the parentheses: the binary subtracts the elapsed interval (_t76[8] - _t76[4]), as written explicitly after the spin loop below */
                        }
                    }
                    if( *_t76 == 0) {
                        do {
                            _t56 =  *_t74;
                        } while (_t56 != E00402728(_t74, _t56));
                        _t76[1] = 1;
                    } else {
                        while(1) {
                            _t57 =  *_t74;
                            if((_t57 & 0x00000001) != 0) {
                                goto L29;
                            }
                            if(_t57 != E00402728(_t74, _t57)) {
                                continue;
                            }
                            _t76[1] = 1;
                            goto L29;
                        }
                    }
                    L29:
                } while (_t76[1] == 0);
                if( *_t76 != 0) {
                    _t74[8] = GetCurrentThreadId();   /* owning thread */
                    _t74[4] = 1;                      /* recursion count */
                }
                goto L32;
            }
            continue;
        }
        _t76[4] = GetTickCount();                 /* start of the spin phase */
        if(_t75 <= 0) {
            L13:                                  /* spin bound reached: charge the spin time to the budget once */
            if(_t73 == 0xffffffff) {
                goto L17;
            }
            _t76[8] = GetTickCount();
            _t49 = _t76[8] - _t76[4];
            if(_t73 > _t49) {
                _t73 = _t73 - _t49;
                goto L17;
            }
             *_t76 = 0;
            break;
        } else {
            goto L5;
        }
        do {
            L5:
            if(_t73 == 0xffffffff) {
                L8:
                _t54 =  *_t74;
                if(_t54 > 1) {
                    goto L13;                     /* waiters already queued: stop spinning */
                }
                if(_t54 != 0 || E00402728(_t74, 0) != 0) {
                    goto L12;
                } else {
                    _t74[8] = GetCurrentThreadId();
                    _t74[4] = 1;
                     *_t76 = 1;
                    goto L32;
                }
            }
            _t52 = GetTickCount();
            _t46 = _t52 - _t76[4];
            if(_t73 > _t52 - _t76[4]) {           /* during the spin the budget is only compared, not reduced */
                goto L8;
            } else {
                 *_t76 = 0;
                goto L32;
            }
            L12:
            _t46 = E004058FC(_t46);               /* yield between attempts */
            _t75 = _t75 - 1;
        } while (_t75 > 0);
        goto L13;
    }
    L32:
    return  *_t76 & 0x000000ff;
}
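The acquire logic the listing above reconstructs, written out as an added example in C. This is not code from the sample, from Joe Sandbox, or from any runtime library: the field names, the injected tick clock standing in for GetTickCount, the scenario driver and its constructed start ticks are all assumptions made for the example, and the blocking phase behind the spin loop is left out so it runs single-threaded. It shows the three behaviours an analyst has to recognise in the listing: a single compare-and-exchange attempt when the timeout is zero, a spin phase that only compares elapsed ticks against the budget, and a one-time reduction of the budget before the routine would block, with unsigned tick arithmetic so the 32-bit rollover does not extend the wait.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LOCK_WAIT_INFINITE 0xFFFFFFFFu   /* the 0xffffffff sentinel the routine tests __edx against */

typedef uint32_t (*tick_fn)(void);

typedef struct {
    atomic_int lock_count;      /* +0x00: 0 free, 1 held, >1 held with waiters queued */
    int        recursion_count; /* +0x04: set to 1 on acquisition */
    uint32_t   owning_thread;   /* +0x08: id of the owning thread */
    int        spin_count;      /* +0x10: bounded spin iterations before blocking */
    tick_fn    now;             /* assumed: injected millisecond clock standing in for GetTickCount */
} timed_lock_t;

typedef enum { ENTER_ACQUIRED = 1, ENTER_TIMEOUT = 0, ENTER_WOULD_BLOCK = 2 } enter_result_t;

/* Budget left after the interval [start, now]. Forming `elapsed` with unsigned
 * subtraction first is what keeps the 32-bit tick rollover harmless. */
uint32_t remaining_timeout(uint32_t timeout, uint32_t start, uint32_t now)
{
    if (timeout == LOCK_WAIT_INFINITE)
        return timeout;
    uint32_t elapsed = now - start;
    return timeout > elapsed ? timeout - elapsed : 0;
}

/* Compare-and-exchange on the lock count plus the owner bookkeeping the
 * decompiled routine performs right before returning 1. */
static bool try_enter(timed_lock_t *l, uint32_t tid)
{
    int expected = 0;
    if (atomic_compare_exchange_strong(&l->lock_count, &expected, 1)) {
        l->owning_thread   = tid;
        l->recursion_count = 1;
        return true;
    }
    return false;
}

/* Spin phase of the timed acquire. *spins receives the number of failed
 * attempts, *budget_left the timeout remaining for the omitted blocking phase. */
enter_result_t enter_timed(timed_lock_t *l, uint32_t tid, uint32_t timeout,
                           unsigned *spins, uint32_t *budget_left)
{
    unsigned n = 0;
    *spins = 0;
    *budget_left = timeout;
    if (try_enter(l, tid))
        return ENTER_ACQUIRED;
    if (timeout == 0)
        return ENTER_TIMEOUT;                 /* zero timeout: the single attempt above is all */

    uint32_t start = l->now();
    for (int i = l->spin_count; i > 0; --i) {
        /* While spinning the budget is only compared against, never reduced. */
        if (timeout != LOCK_WAIT_INFINITE && l->now() - start >= timeout) {
            *spins = n;
            *budget_left = 0;
            return ENTER_TIMEOUT;
        }
        int lc = atomic_load(&l->lock_count);
        if (lc > 1)
            break;                            /* waiters already queued: stop spinning */
        if (lc == 0 && try_enter(l, tid)) {
            *spins = n;
            return ENTER_ACQUIRED;
        }
        ++n;                                  /* the real routine yields here */
    }
    /* Spin bound reached: charge the spin time once. The routine would now block
     * on its wait object and recompute from a fresh start tick after each wake-up. */
    *spins = n;
    *budget_left = remaining_timeout(timeout, start, l->now());
    return *budget_left == 0 ? ENTER_TIMEOUT : ENTER_WOULD_BLOCK;
}

/* Constructed clock: advances one tick per call; each scenario sets its start. */
static uint32_t g_fake_ticks;
static uint32_t fake_now(void) { return g_fake_ticks++; }
static unsigned g_last_spins;
static uint32_t g_last_budget;
unsigned last_spins(void)  { return g_last_spins; }
uint32_t last_budget(void) { return g_last_budget; }

/* Drives one scenario: `held` is the lock count another thread left behind. */
enter_result_t run_scenario(int held, int spin_count, uint32_t timeout, uint32_t start_tick)
{
    timed_lock_t l = { .lock_count = held, .recursion_count = held ? 1 : 0,
                       .owning_thread = held ? 0x1111u : 0, .spin_count = spin_count,
                       .now = fake_now };
    g_fake_ticks = start_tick;
    return enter_timed(&l, 0x2222u, timeout, &g_last_spins, &g_last_budget);
}

int main(void)
{
    enter_result_t r = run_scenario(1, 100, 3, 0xFFFFFFFEu);
    printf("contended, 3 ms budget across tick rollover: result=%d spins=%u\n", r, last_spins());
    r = run_scenario(1, 3, 1000, 500);
    printf("contended, spin bound hit: result=%d spins=%u budget_left=%u\n", r, last_spins(), last_budget());
    return 0;
}
```

The first scenario starts the clock two ticks below the rollover, so the spin loop times out after two failed attempts only because `now - start` wraps correctly; a signed or 64-bit-promoted subtraction there would turn the 3 ms budget into a multi-week wait, which is the kind of defect worth checking for when a sample carries its own lock implementation instead of this RTL one.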
                                                                                                                                                0x00000000
                                                                                                                                                0x004056c9
                                                                                                                                                0x004056c0
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040564c
                                                                                                                                                0x0040564c
                                                                                                                                                0x0040564f
                                                                                                                                                0x00405667
                                                                                                                                                0x00405667
                                                                                                                                                0x0040566c
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00405670
                                                                                                                                                0x00000000
                                                                                                                                                0x00405684
                                                                                                                                                0x00405689
                                                                                                                                                0x0040568c
                                                                                                                                                0x00405693
                                                                                                                                                0x00000000
                                                                                                                                                0x00405693
                                                                                                                                                0x00405670
                                                                                                                                                0x00405651
                                                                                                                                                0x00405656
                                                                                                                                                0x0040565c
                                                                                                                                                0x00000000
                                                                                                                                                0x0040565e
                                                                                                                                                0x0040565e
                                                                                                                                                0x00000000
                                                                                                                                                0x0040565e
                                                                                                                                                0x0040569c
                                                                                                                                                0x0040569c
                                                                                                                                                0x004056a1
                                                                                                                                                0x004056a2
                                                                                                                                                0x00000000
                                                                                                                                                0x0040564c
                                                                                                                                                0x00405794
                                                                                                                                                0x0040579f

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004058B8: GetCurrentThreadId.KERNEL32 ref: 004058BB
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040563F
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405651
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00405684
                                                                                                                                                • GetTickCount.KERNEL32 ref: 004056AB
                                                                                                                                                • GetTickCount.KERNEL32 ref: 004056E5
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040570F
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00405785
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountTick$CurrentThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3968769311-0
                                                                                                                                                • Opcode ID: 11601eaea2591db47d9e0a3339b5d9af6372044b92e2f434dcefd46fb28b69f0
                                                                                                                                                • Instruction ID: bb50489e2f4c0e7371ac908c50818e07fe8ea76bf222c5b51f101fc029dd4185
                                                                                                                                                • Opcode Fuzzy Hash: 11601eaea2591db47d9e0a3339b5d9af6372044b92e2f434dcefd46fb28b69f0
                                                                                                                                                • Instruction Fuzzy Hash: 1441A435608B818ADB20BA39C58472F7BD2DB90354F44893FE4D8973D2D6BD88859F1A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0044F558(void* __eax) {
                                                                                                                                                				struct tagMSG _v40;
                                                                                                                                                				long _t4;
                                                                                                                                                				long _t9;
                                                                                                                                                				void* _t11;
                                                                                                                                                				long _t12;
                                                                                                                                                				MSG* _t13;
                                                                                                                                                
                                                                                                                                                				_t11 = __eax;
                                                                                                                                                				_t9 = GetTickCount();
                                                                                                                                                				_t4 = GetTickCount();
                                                                                                                                                				_t12 = _t4;
                                                                                                                                                				while(_t11 > _t9 - _t12) {
                                                                                                                                                					if(PeekMessageW( &_v40, 0, 0, 0, 1) != 0) {
                                                                                                                                                						TranslateMessage(_t13);
                                                                                                                                                						DispatchMessageW(_t13);
                                                                                                                                                					}
                                                                                                                                                					Sleep(1);
                                                                                                                                                					_t4 = GetTickCount();
                                                                                                                                                					_t9 = _t4;
                                                                                                                                                				}
                                                                                                                                                				return _t4;
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0044F560
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0044F567
                                                                                                                                                • PeekMessageW.USER32 ref: 0044F57D
                                                                                                                                                • TranslateMessage.USER32 ref: 0044F587
                                                                                                                                                • DispatchMessageW.USER32 ref: 0044F58D
                                                                                                                                                • Sleep.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000001), ref: 0044F594
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0044F599
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountMessageTick$DispatchPeekSleepTranslate
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2701518618-0
                                                                                                                                                • Opcode ID: 570b9b745490f225cbbde1e8f4132b6a8791baa9916827578856fe64b9c198a4
                                                                                                                                                • Instruction ID: e9d9b799a6ce74786193a8bd3a6737283ddea505bea43c87b29b9ca160bb4cbe
                                                                                                                                                • Opcode Fuzzy Hash: 570b9b745490f225cbbde1e8f4132b6a8791baa9916827578856fe64b9c198a4
                                                                                                                                                • Instruction Fuzzy Hash: C8E09B71B4170136E510B6F60C87F8F10884B45798F95043B7645FA2D3F9BD586482BF
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                			E004240AC(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                                                                                                				char _v260;
                                                                                                                                                				char _v768;
                                                                                                                                                				char _v772;
                                                                                                                                                				short* _v776;
                                                                                                                                                				intOrPtr _v780;
                                                                                                                                                				char _v784;
                                                                                                                                                				signed int _v788;
                                                                                                                                                				signed short* _v792;
                                                                                                                                                				char _v796;
                                                                                                                                                				char _v800;
                                                                                                                                                				intOrPtr* _v804;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				signed char _t47;
				signed int _t54;
				void* _t62;
				intOrPtr* _t73;
				signed short* _t91;
				void* _t93;
				void* _t95;
				void* _t98;
				void* _t99;
				intOrPtr* _t108;
				void* _t112;
				intOrPtr _t113;
				char* _t114;
				void* _t115;

				_t100 = __ecx;
				_v780 = __ecx;
				_t91 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E004237DC(0x80070057);
				}
				_t47 =  *_t91 & 0x0000ffff;
				if((_t47 & 0x00000fff) != 0xc) {
					_push(_t91);
					_push(_v776);
					L00421AA0();
					return E004237DC(_v776);
				} else {
					if((_t47 & 0x00000040) == 0) {
						_v792 = _t91[4];
					} else {
						_v792 =  *(_t91[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t93 = _v788 - 1;
					if(_t93 < 0) {
						L9:
						_push( &_v772);
						_t54 = _v788;
						_push(_t54);
						_push(0xc);
						L00421F54();
						_t113 = _t54;
						if(_t113 == 0) {
							E00423534(_t100);
						}
						E00423A74(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t113;
						_t95 = _v788 - 1;
						if(_t95 < 0) {
							L14:
							_t97 = _v788 - 1;
							if(E00424024(_v788 - 1, _t115) != 0) {
								L00421F6C();
								E004237DC(_v792);
								L00421F6C();
								E004237DC( &_v260);
								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t62 = E00424054(_t97, _t115);
						} else {
							_t98 = _t95 + 1;
							_t73 =  &_v768;
							_t108 =  &_v260;
							do {
								 *_t108 =  *_t73;
								_t108 = _t108 + 4;
								_t73 = _t73 + 8;
								_t98 = _t98 - 1;
							} while (_t98 != 0);
							do {
								goto L14;
							} while (_t62 != 0);
							return _t62;
						}
					} else {
						_t99 = _t93 + 1;
						_t112 = 0;
						_t114 =  &_v772;
						do {
							_v804 = _t114;
							_push(_v804 + 4);
							_t18 = _t112 + 1; // 0x1
							_push(_v792);
							L00421F5C();
							E004237DC(_v792);
							_push( &_v784);
							_t21 = _t112 + 1; // 0x1
							_push(_v792);
							L00421F64();
							E004237DC(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t112 = _t112 + 1;
							_t114 = _t114 + 8;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						goto L9;
					}
				}
			}

APIs
• SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00424145
• SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00424161
• SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0042419A
• SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00424217
• SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00424230
• VariantCopy.OLEAUT32(?,00000000), ref: 00424265
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: ArraySafe$BoundIndex$CopyCreateVariant
• String ID:
• API String ID: 351091851-0
• Opcode ID: 716bc8167cf287cc1e8f7d8ac4576e4a45568dddf1cc74a6b6858a9f436d61aa
• Instruction ID: ec538f1c9a65e232910c9293e5ef4a32a88133be791216f42edbb47e06386550
• Opcode Fuzzy Hash: 716bc8167cf287cc1e8f7d8ac4576e4a45568dddf1cc74a6b6858a9f436d61aa
• Instruction Fuzzy Hash: 4351EDB5A0022D9BCB21DF59D881AD9B3BCEB58304F4041DAE509E7211DB38AF858F69
Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                			E0041E114(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                				char _v534;
                                                                                                                                                				short _v1056;
                                                                                                                                                				short _v1568;
                                                                                                                                                				struct _MEMORY_BASIC_INFORMATION _v1596;
                                                                                                                                                				char _v1600;
                                                                                                                                                				intOrPtr _v1604;
                                                                                                                                                				char _v1608;
                                                                                                                                                				intOrPtr _v1612;
                                                                                                                                                				char _v1616;
                                                                                                                                                				intOrPtr _v1620;
                                                                                                                                                				char _v1624;
                                                                                                                                                				char* _v1628;
                                                                                                                                                				char _v1632;
                                                                                                                                                				char _v1636;
                                                                                                                                                				char _v1640;
                                                                                                                                                				struct HINSTANCE__* _t44;
                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                				struct HINSTANCE__* _t57;
                                                                                                                                                				signed int _t76;
                                                                                                                                                				void* _t82;
                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                				intOrPtr _t95;
                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                				intOrPtr* _t102;
                                                                                                                                                				void* _t105;
                                                                                                                                                
                                                                                                                                                				_v1640 = 0;
                                                                                                                                                				_v8 = __ecx;
                                                                                                                                                				_t82 = __edx;
                                                                                                                                                				_t102 = __eax;
                                                                                                                                                				_push(_t105);
                                                                                                                                                				_push(0x41e2c0);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t105 + 0xfffff99c;
                                                                                                                                                				VirtualQuery(__edx,  &_v1596, 0x1c);
                                                                                                                                                				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
                                                                                                                                                					_t44 =  *0x45bc50; // 0x400000
                                                                                                                                                					GetModuleFileNameW(_t44,  &_v1056, 0x105);
                                                                                                                                                					_v12 = E0041E108(_t82);
                                                                                                                                                				} else {
                                                                                                                                                					_v12 = _t82 - _v1596.AllocationBase;
                                                                                                                                                				}
                                                                                                                                                				E00419D94( &_v534, 0x104, E0041F56C() + 2);
                                                                                                                                                				_t83 = 0x41e2d4;
                                                                                                                                                				_t100 = 0x41e2d4;
                                                                                                                                                				_t95 =  *0x414f38; // 0x414f90
                                                                                                                                                				if(E00405050(_t102, _t95) != 0) {
                                                                                                                                                					_t83 = E004072B8( *((intOrPtr*)(_t102 + 4)));
                                                                                                                                                					_t76 = E00406B7C(_t83);
                                                                                                                                                					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
                                                                                                                                                						_t100 = 0x41e2d8;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				_t55 =  *0x458c5c; // 0x40b068
                                                                                                                                                				_t18 = _t55 + 4; // 0xffe6
                                                                                                                                                				_t57 =  *0x45bc50; // 0x400000
                                                                                                                                                				LoadStringW(E00408500(_t57),  *_t18,  &_v1568, 0x100);
                                                                                                                                                				E00404D14( *_t102,  &_v1640);
                                                                                                                                                				_v1636 = _v1640;
                                                                                                                                                				_v1632 = 0x11;
                                                                                                                                                				_v1628 =  &_v534;
                                                                                                                                                				_v1624 = 0xa;
                                                                                                                                                				_v1620 = _v12;
                                                                                                                                                				_v1616 = 5;
                                                                                                                                                				_v1612 = _t83;
                                                                                                                                                				_v1608 = 0xa;
                                                                                                                                                				_v1604 = _t100;
                                                                                                                                                				_v1600 = 0xa;
                                                                                                                                                				E0041A074(4,  &_v1636);
                                                                                                                                                				E00406B7C(_v8);
                                                                                                                                                				_pop(_t98);
                                                                                                                                                				 *[fs:eax] = _t98;
                                                                                                                                                				_push(0x41e2c7);
                                                                                                                                                				return E00406658( &_v1640);
                                                                                                                                                			}

                                                                                                                                                Instruction addresses (one per decompiled statement, in listing order): 0x0041e122 0x0041e128 0x0041e12b 0x0041e12d 0x0041e131 0x0041e132 0x0041e137 0x0041e13a 0x0041e147 0x0041e156 0x0041e180 0x0041e186 0x0041e192 0x0041e197 0x0041e19d 0x0041e19d 0x0041e1bf 0x0041e1c4 0x0041e1c9 0x0041e1d0 0x0041e1dd 0x0041e1e7 0x0041e1eb 0x0041e1f2 0x0041e1fc 0x0041e1fc 0x0041e1f2 0x0041e20d 0x0041e212 0x0041e216 0x0041e221 0x0041e22e 0x0041e239 0x0041e23f 0x0041e24c 0x0041e252 0x0041e25c 0x0041e262 0x0041e269 0x0041e26f 0x0041e276 0x0041e27c 0x0041e298 0x0041e2a0 0x0041e2a9 0x0041e2ac 0x0041e2af 0x0041e2bf

                                                                                                                                                APIs
                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041E2C0), ref: 0041E147
                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041E16B
                                                                                                                                                • GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 0041E186
                                                                                                                                                • LoadStringW.USER32(00000000,0000FFE6,?,00000100), ref: 0041E221
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                • String ID: MZP
                                                                                                                                                • API String ID: 3990497365-2889622443
                                                                                                                                                • Opcode ID: e9fd1f3ce4b77acde823d8c7d6f134688c3606b4cbb76889d531a3f11e78126b
                                                                                                                                                • Instruction ID: 8aaf1065241a5c402aa68a6ef7157060595233990321d419dbae8ae04927e37f
                                                                                                                                                • Opcode Fuzzy Hash: e9fd1f3ce4b77acde823d8c7d6f134688c3606b4cbb76889d531a3f11e78126b
                                                                                                                                                • Instruction Fuzzy Hash: 0E411274A002589FDB20DF55CC81BCAB7B9AB58304F5040FAE908E7291D7799E94CF59
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 48%
                                                                                                                                                			E0044F1A8(void* __fp0, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                				char _v8;
                                                                                                                                                				char _v28;
                                                                                                                                                				struct HWND__* _v32;
                                                                                                                                                				char _v36;
                                                                                                                                                				char _v40;
                                                                                                                                                				char _v56;
                                                                                                                                                				char _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				void* _t56;
                                                                                                                                                				void* _t61;
                                                                                                                                                				void* _t69;
                                                                                                                                                				void* _t70;
                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                				void* _t83;
                                                                                                                                                				intOrPtr _t86;
                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                				void* _t93;
                                                                                                                                                
                                                                                                                                                				_t71 = 0xa;
                                                                                                                                                				do {
                                                                                                                                                					_push(0);
                                                                                                                                                					_push(0);
                                                                                                                                                					_t71 = _t71 - 1;
                                                                                                                                                				} while (_t71 != 0);
                                                                                                                                                				_push(_t71);
                                                                                                                                                				_push(_t83);
                                                                                                                                                				_t86 = _a8;
                                                                                                                                                				_push(_a4);
                                                                                                                                                				_push(0x44f29e);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t89;
                                                                                                                                                				E004066A0( &_v8);
                                                                                                                                                				if( *0x45dff4 != 0) {
                                                                                                                                                					_push( &_v36);
                                                                                                                                                					_push(1);
                                                                                                                                                					_push(_t86);
                                                                                                                                                					L0040AF78();
                                                                                                                                                					_push( &_v40);
                                                                                                                                                					_push(1);
                                                                                                                                                					_push(_t86);
                                                                                                                                                					L0040AF70();
                                                                                                                                                					E004066A0( &_v8);
                                                                                                                                                					_t69 = _v40 - _v36;
                                                                                                                                                					if(_t69 >= 0) {
                                                                                                                                                						_t70 = _t69 + 1;
                                                                                                                                                						_t93 = _t70;
                                                                                                                                                						_v32 = 0;
                                                                                                                                                						do {
                                                                                                                                                							_push(E00423A88( &_v28));
                                                                                                                                                							_push( &_v32);
                                                                                                                                                							_push(_t86);
                                                                                                                                                							L0040AF80();
                                                                                                                                                							E004296F4( &_v56, _t71, _v8);
                                                                                                                                                							_push( &_v56);
                                                                                                                                                							_t71 =  &_v72;
                                                                                                                                                							E0042B9D8( &_v28,  &_v72, 0x100);
                                                                                                                                                							_pop(_t56);
                                                                                                                                                							E0042BFFC(_t56,  &_v72, __fp0);
                                                                                                                                                							_push( &_v56);
                                                                                                                                                							E00429758( &_v88, _t70,  &_v72, 0x20, _t86, _t93);
                                                                                                                                                							_pop(_t61);
                                                                                                                                                							E0042BFFC(_t61,  &_v88, __fp0);
                                                                                                                                                							E004283D0( &_v8, _t70,  &_v56, _t83, _t86);
                                                                                                                                                							_v32 =  &(_v32->i);
                                                                                                                                                							_t70 = _t70 - 1;
                                                                                                                                                						} while (_t70 != 0);
                                                                                                                                                					}
                                                                                                                                                					MessageBoxW(0, E00407024(_v8), L"Host", 0);
                                                                                                                                                				}
                                                                                                                                                				_pop(_t75);
                                                                                                                                                				 *[fs:eax] = _t75;
                                                                                                                                                				_t76 =  *0x401290; // 0x401294
                                                                                                                                                				E00407A34( &_v88, 3, _t76);
                                                                                                                                                				E00423A88( &_v28);
                                                                                                                                                				E004066A0( &_v8);
                                                                                                                                                				return 0;
                                                                                                                                                 			}

                                                                                                                                                APIs
                                                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0044F1EB
                                                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0044F1F7
                                                                                                                                                • SafeArrayGetElement.OLEAUT32(?,00000000,00000000), ref: 0044F224
                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,Host,00000000), ref: 0044F28C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ArraySafe$Bound$ElementMessage
                                                                                                                                                • String ID: Host
                                                                                                                                                • API String ID: 2136510208-1863695555
                                                                                                                                                • Opcode ID: 6bea62ae87c4374d69aceeaefbf4ecfaaaffadb96c263533fd0c3f765cb2c868
                                                                                                                                                • Instruction ID: 049a10011492fb1e4b86c8d757fe8ebaf3f838bebd80a5de250dc6091e4a2e1e
                                                                                                                                                • Opcode Fuzzy Hash: 6bea62ae87c4374d69aceeaefbf4ecfaaaffadb96c263533fd0c3f765cb2c868
                                                                                                                                                • Instruction Fuzzy Hash: 00314371A0020DAADB00EF91D982FDEB3BCEF44304F50047BF501B2181DB796F198AA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 36%
                                                                                                                                                			E00405444(void* __edx) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				char _v12;
                                                                                                                                                				char* _t20;
                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                				signed int _t32;
                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                				void* _t42;
                                                                                                                                                				void* _t44;
                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                
                                                                                                                                                				_t42 = _t44;
                                                                                                                                                				_t45 = _t44 + 0xfffffff8;
                                                                                                                                                				_v12 = 0;
                                                                                                                                                				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
                                                                                                                                                					L10:
                                                                                                                                                					_t32 = 0x40;
                                                                                                                                                					goto L11;
                                                                                                                                                				} else {
                                                                                                                                                					_t20 =  &_v12;
                                                                                                                                                					_push(_t20);
                                                                                                                                                					_push(0);
                                                                                                                                                					L004028EC();
                                                                                                                                                					if(_t20 != 0 || GetLastError() != 0x7a) {
                                                                                                                                                						goto L10;
                                                                                                                                                					} else {
                                                                                                                                                						_v8 = E00404484(_v12);
                                                                                                                                                						_push(_t42);
                                                                                                                                                						_push(E004054F0);
                                                                                                                                                						_push( *[fs:edx]);
                                                                                                                                                						 *[fs:edx] = _t45;
                                                                                                                                                						_push( &_v12);
                                                                                                                                                						_push(_v8);
                                                                                                                                                						L004028EC();
                                                                                                                                                						_t26 = _v8;
                                                                                                                                                						if(_v12 <= 0) {
                                                                                                                                                							L8:
                                                                                                                                                							_pop(_t40);
                                                                                                                                                							 *[fs:eax] = _t40;
                                                                                                                                                							_push(E004054F7);
                                                                                                                                                							return E004044A0(_v8);
                                                                                                                                                						} else {
                                                                                                                                                							while( *((short*)(_t26 + 4)) != 2 ||  *((char*)(_t26 + 8)) != 1) {
                                                                                                                                                								_t26 = _t26 + 0x18;
                                                                                                                                                								_v12 = _v12 - 0x18;
                                                                                                                                                								if(_v12 > 0) {
                                                                                                                                                									continue;
                                                                                                                                                								} else {
                                                                                                                                                									goto L8;
                                                                                                                                                								}
                                                                                                                                                								goto L12;
                                                                                                                                                							}
                                                                                                                                                							_t32 =  *(_t26 + 0xa) & 0x0000ffff;
                                                                                                                                                							E00405F50();
                                                                                                                                                							L11:
                                                                                                                                                							return _t32;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L12:
                                                                                                                                                			}

Execution graph addresses: 0x00405445, 0x00405447, 0x0040544d, 0x00405467, 0x004054f7, 0x004054f7, 0x00000000, 0x0040546d, 0x0040546d, 0x00405470, 0x00405471, 0x00405473, 0x0040547a, 0x00000000, 0x00405486, 0x0040548e, 0x00405493, 0x00405494, 0x00405499, 0x0040549c, 0x004054a2, 0x004054a6, 0x004054a7, 0x004054ac, 0x004054b3, 0x004054da, 0x004054dc, 0x004054df, 0x004054e2, 0x004054ef, 0x004054b5, 0x004054b5, 0x004054cd, 0x004054d0, 0x004054d8, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x004054d8, 0x004054c2, 0x004054c6, 0x004054fc, 0x00405502, 0x00405502, 0x004054b3, 0x0040547a, 0x00000000

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation,024199E0), ref: 0040545A
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00405460
                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation,024199E0), ref: 0040547C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                • String ID: GetLogicalProcessorInformation$kernel32.dll
                                                                                                                                                • API String ID: 4275029093-812649623
                                                                                                                                                • Opcode ID: e62829bc94120120a15bc42a474b9112073308fe30d9e610c1986f2702cc29ba
                                                                                                                                                • Instruction ID: c1e5ba1df838c586c200fb27a8426cfabcd458109b2cd9967c78b2c85d954edd
                                                                                                                                                • Opcode Fuzzy Hash: e62829bc94120120a15bc42a474b9112073308fe30d9e610c1986f2702cc29ba
                                                                                                                                                • Instruction Fuzzy Hash: F3119671D04604AEDB10EBA5DD45B9FB7A8EB40319F20407BE504B35C1E67C99C09F1D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                			E0042B0EC(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
                                                                                                                                                				signed short* _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				signed char _v13;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				signed int _v18;
                                                                                                                                                				void* _v24;
                                                                                                                                                				void* _v28;
                                                                                                                                                				signed int _v44;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				signed int _t134;
                                                                                                                                                				signed short* _t253;
                                                                                                                                                				intOrPtr _t303;
                                                                                                                                                				intOrPtr _t306;
                                                                                                                                                				intOrPtr _t314;
                                                                                                                                                				intOrPtr _t321;
                                                                                                                                                				intOrPtr _t329;
                                                                                                                                                				signed int _t334;
                                                                                                                                                				void* _t342;
                                                                                                                                                				void* _t344;
                                                                                                                                                				intOrPtr _t345;
                                                                                                                                                
                                                                                                                                                				_t349 = __fp0;
                                                                                                                                                				_t342 = _t344;
                                                                                                                                                				_t345 = _t344 + 0xffffffd8;
                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                				_v8 = __edx;
                                                                                                                                                				_t253 = __eax;
                                                                                                                                                				_v13 = 1;
                                                                                                                                                				_t334 =  *__eax & 0x0000ffff;
                                                                                                                                                				if((_t334 & 0x00000fff) >= 0x10f) {
                                                                                                                                                					_t134 =  *_v8 & 0x0000ffff;
                                                                                                                                                					if(_t134 != 0) {
                                                                                                                                                						if(_t134 != 1) {
                                                                                                                                                							if(E0042BE20(_t334,  &_v24) != 0) {
                                                                                                                                                								_push( &_v18);
                                                                                                                                                								if( *((intOrPtr*)( *_v24 + 8))() == 0) {
                                                                                                                                                									_t337 =  *_v8 & 0x0000ffff;
                                                                                                                                                									if(( *_v8 & 0xfff) >= 0x10f) {
                                                                                                                                                										if(E0042BE20(_t337,  &_v28) != 0) {
                                                                                                                                                											_push( &_v16);
                                                                                                                                                											if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                												E004233F0(0xb);
                                                                                                                                                												goto L41;
                                                                                                                                                											} else {
                                                                                                                                                												if(( *_t253 & 0x0000ffff) == _v16) {
                                                                                                                                                													_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
                                                                                                                                                													goto L41;
                                                                                                                                                												} else {
                                                                                                                                                													_push( &_v44);
                                                                                                                                                													L00421A90();
                                                                                                                                                													_push(_t342);
                                                                                                                                                													_push(0x42b4cc);
                                                                                                                                                													_push( *[fs:eax]);
                                                                                                                                                													 *[fs:eax] = _t345;
                                                                                                                                                													_t265 = _v16 & 0x0000ffff;
                                                                                                                                                													E004248E4( &_v44, _v16 & 0x0000ffff, _t253, __edi, __fp0);
                                                                                                                                                													if((_v44 & 0x0000ffff) != _v16) {
                                                                                                                                                														E00423300(_t265);
                                                                                                                                                													}
                                                                                                                                                													_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
                                                                                                                                                													_pop(_t303);
                                                                                                                                                													 *[fs:eax] = _t303;
                                                                                                                                                													_push(0x42b500);
                                                                                                                                                													return E00423A74( &_v44);
                                                                                                                                                												}
                                                                                                                                                											}
										} else {
											E004233F0(0xb);
											goto L41;
										}
									} else {
										_push( &_v44);
										L00421A90();
										_push(_t342);
										_push(0x42b418);
										_push( *[fs:eax]);
										 *[fs:eax] = _t345;
										_t270 =  *_v8 & 0x0000ffff;
										E004248E4( &_v44,  *_v8 & 0x0000ffff, _t253, __edi, __fp0);
										if(( *_v8 & 0x0000ffff) != _v44) {
											E00423300(_t270);
										}
										_v13 = E0042AF34( &_v44, _v12, _v8, _t349);
										_pop(_t306);
										 *[fs:eax] = _t306;
										_push(0x42b500);
										return E00423A74( &_v44);
									}
								} else {
									if(( *_v8 & 0x0000ffff) == _v18) {
										_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v44);
										L00421A90();
										_push(_t342);
										_push(0x42b375);
										_push( *[fs:eax]);
										 *[fs:eax] = _t345;
										_t275 = _v18 & 0x0000ffff;
										E004248E4( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
										if((_v44 & 0x0000ffff) != _v18) {
											E00423300(_t275);
										}
										_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
										_pop(_t314);
										 *[fs:eax] = _t314;
										_push(0x42b500);
										return E00423A74( &_v44);
									}
								}
							} else {
								E004233F0(__ecx);
								goto L41;
							}
						} else {
							_v13 = E0042ACC8(_v12, 2);
							goto L41;
						}
					} else {
						_v13 = E0042ACB4(0, 1);
						goto L41;
					}
				} else {
					if(_t334 != 0) {
						if(_t334 != 1) {
							if(E0042BE20( *_v8 & 0x0000ffff,  &_v28) != 0) {
								_push( &_v16);
								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
									_push( &_v44);
									L00421A90();
									_push(_t342);
									_push(0x42b287);
									_push( *[fs:eax]);
									 *[fs:eax] = _t345;
									_t281 =  *_t253 & 0x0000ffff;
									E004248E4( &_v44,  *_t253 & 0x0000ffff, _v8, __edi, __fp0);
									if((_v44 & 0xfff) !=  *_t253) {
										E00423300(_t281);
									}
									_v13 = E0042AF34(_t253, _v12,  &_v44, _t349);
									_pop(_t321);
									 *[fs:eax] = _t321;
									_push(0x42b500);
									return E00423A74( &_v44);
								} else {
									if(( *_t253 & 0x0000ffff) == _v16) {
										_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v44);
										L00421A90();
										_push(_t342);
										_push(0x42b1f8);
										_push( *[fs:eax]);
										 *[fs:eax] = _t345;
										_t286 = _v16 & 0x0000ffff;
										E004248E4( &_v44, _v16 & 0x0000ffff, _t253, __edi, __fp0);
										if((_v44 & 0xfff) != _v16) {
											E00423300(_t286);
										}
										_v13 =  *(0x45870a + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c) & 0x000000ff;
										_pop(_t329);
										 *[fs:eax] = _t329;
										_push(0x42b500);
										return E00423A74( &_v44);
									}
								}
							} else {
								E004233F0(__ecx);
								goto L41;
							}
						} else {
							_v13 = E0042ACC8(_v12, 0);
							goto L41;
						}
					} else {
						_v13 = E0042ACB4(1, 0);
						L41:
						return _v13 & 0x000000ff;
					}
				}
			}

                                                                                                                                                0x0042b113
                                                                                                                                                0x0042b116
                                                                                                                                                0x0042b12d
                                                                                                                                                0x0042b153
                                                                                                                                                0x0042b162
                                                                                                                                                0x0042b174
                                                                                                                                                0x0042b22d
                                                                                                                                                0x0042b22e
                                                                                                                                                0x0042b235
                                                                                                                                                0x0042b236
                                                                                                                                                0x0042b23b
                                                                                                                                                0x0042b23e
                                                                                                                                                0x0042b241
                                                                                                                                                0x0042b24a
                                                                                                                                                0x0042b25a
                                                                                                                                                0x0042b25c
                                                                                                                                                0x0042b25c
                                                                                                                                                0x0042b26e
                                                                                                                                                0x0042b273
                                                                                                                                                0x0042b276
                                                                                                                                                0x0042b279
                                                                                                                                                0x0042b286
                                                                                                                                                0x0042b17a
                                                                                                                                                0x0042b181
                                                                                                                                                0x0042b222
                                                                                                                                                0x00000000
                                                                                                                                                0x0042b183
                                                                                                                                                0x0042b186
                                                                                                                                                0x0042b187
                                                                                                                                                0x0042b18e
                                                                                                                                                0x0042b18f
                                                                                                                                                0x0042b194
                                                                                                                                                0x0042b197
                                                                                                                                                0x0042b19a
                                                                                                                                                0x0042b1a3
                                                                                                                                                0x0042b1b4
                                                                                                                                                0x0042b1b6
                                                                                                                                                0x0042b1b6
                                                                                                                                                0x0042b1df
                                                                                                                                                0x0042b1e4
                                                                                                                                                0x0042b1e7
                                                                                                                                                0x0042b1ea
                                                                                                                                                0x0042b1f7
                                                                                                                                                0x0042b1f7
                                                                                                                                                0x0042b181
                                                                                                                                                0x0042b155
                                                                                                                                                0x0042b155
                                                                                                                                                0x00000000
                                                                                                                                                0x0042b155
                                                                                                                                                0x0042b12f
                                                                                                                                                0x0042b13b
                                                                                                                                                0x00000000
                                                                                                                                                0x0042b13b
                                                                                                                                                0x0042b118
                                                                                                                                                0x0042b121
                                                                                                                                                0x0042b500
                                                                                                                                                0x0042b509
                                                                                                                                                0x0042b509
                                                                                                                                                0x0042b116

Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3d506dea4572a16f2d663bf4d7ccd67ecc8a7a09006d430df05dc4ff7f1d5ac
• Instruction ID: e663d32daf8916aded8d63c0d2434aa33fd3dabb5640a439b59991884f9fc373
• Opcode Fuzzy Hash: a3d506dea4572a16f2d663bf4d7ccd67ecc8a7a09006d430df05dc4ff7f1d5ac
• Instruction Fuzzy Hash: 54D19535B00169EFCB00EF95D4818FDBBB5EF48314F9444A7E840A7251DB38AE85DBA9
Uniqueness
• Uniqueness Score: -1.00%
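
The dump names in the listing above encode where each region sat in the analysed process and with what page protection, which is what you need to know before loading one of them into a disassembler. The following Python is an added example written for this page, not code from Joe Sandbox or from the report. It assumes the name layout <proc>.<phase>.<dumpid>.<base>.<protect>.<type>.sdmp, reads the last two fields as Win32 PAGE_* protection and MEM_* region-type constants, and treats the regions of the 0x400000 module as contiguous so that each one is bounded by the next listed base; all three are inferences from the values on this page, not documented Joe Sandbox behaviour. The input list is copied from the listing.

```python
"""Decode Joe Sandbox memory-dump file names from a report listing.
Added example, not Joe Sandbox code. Assumed (inferred from the listing, not
documented): layout <proc>.<phase>.<dumpid>.<base>.<protect>.<type>.sdmp,
<protect> a PAGE_* value, <type> a MEM_* value, module regions contiguous."""
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Constructed input: the ten dump names exactly as they appear in the listing.
DUMP_NAMES = [
    "00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp",
    "00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp",
    "00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp",
    "00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp",
    "00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp",
    "00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp",
    "00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp",
    "00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp",
    "00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp",
    "00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp",
]

# Win32 memory constants from winnt.h; the base protection lives in the low byte.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80

NAME_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<phase>[0-9A-Fa-f]{8})\.(?P<dumpid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<type>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    proc: int        # field one; assumed to be the analysed process index
    phase: int       # field two; assumed to be the analysis phase
    base: int        # virtual address the dump was taken from
    protect: int     # field five, read as a PAGE_* value (assumption)
    mem_type: int    # field six, read as a MEM_* value (assumption)
    end: Optional[int] = None  # exclusive bound from the next region; None at the top

    @property
    def protect_str(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def type_str(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITE_MASK)


def parse_dump_name(name: str) -> DumpRegion:
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a dump name in the assumed layout: {name!r}")
    return DumpRegion(name, int(m["proc"], 16), int(m["phase"], 16),
                      int(m["base"], 16), int(m["protect"], 16), int(m["type"], 16))


def parse_listing(names: List[str]) -> List[DumpRegion]:
    """Parse, sort by base and bound each region by the next listed base."""
    regs = sorted((parse_dump_name(n) for n in names), key=lambda r: r.base)
    return [replace(r, end=regs[i + 1].base if i + 1 < len(regs) else None)
            for i, r in enumerate(regs)]


def region_for(regions: List[DumpRegion], va: int) -> Optional[DumpRegion]:
    """The dump that covers virtual address va, or None if it falls in a gap."""
    for r in regions:
        if r.base <= va and (r.end is None or va < r.end):
            return r
    return None


def triage(regions: List[DumpRegion]) -> Dict[str, List[int]]:
    """Bases to disassemble, bases holding data, and any W+X region (a red flag)."""
    return {
        "executable": [r.base for r in regions if r.executable],
        "writable": [r.base for r in regions if r.writable],
        "wx": [r.base for r in regions if r.executable and r.writable],
    }


if __name__ == "__main__":
    regs = parse_listing(DUMP_NAMES)
    for r in regs:
        end = f"{r.end:#x}" if r.end is not None else "?"
        print(f"{r.base:#010x}-{end:<10} {r.protect_str:<24} {r.type_str}")
    hit = region_for(regs, 0x429BCC)  # entry of the function decompiled below
    print(f"0x429BCC is in the dump based at {hit.base:#x} ({hit.protect_str})")
```

Run as a script it prints one line per region and reports that the function decompiled below (E00429BCC, at 0x429BCC) falls in the PAGE_EXECUTE_READ dump based at 0x412000, which is the report's own Source File. The W+X check comes back empty for this listing; on a report for a self-unpacking sample it is the first thing to look at.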

C-Code - Quality: 64%
/*
 * Joe Sandbox decompilation of the function at 0x00429BCC. Arguments arrive in
 * registers (eax, edx, ecx) and protected blocks push a handler record onto
 * fs:[0], the Borland/Delphi fastcall and try/finally idiom. The control flow
 * is that of a Delphi-style Variant binary-operator dispatcher:
 *   __eax  left operand  (pointer to a variant record whose first word is the type)
 *   __edx  right operand (same layout)
 *   __ecx  operator code, passed through to the type handler
 * The E004xxxxx callees are not named in the report; the comments below describe
 * only what the listing shows them doing, and the role names are this reading,
 * not recovered symbols.
 */
E00429BCC(signed short* __eax, intOrPtr __ecx, signed short* __edx, void* __edi, void* __fp0) {
    signed short* _v8;      /* left operand */
    signed short* _v12;     /* right operand */
    intOrPtr _v16;          /* operator code */
    signed int _v18;        /* type the right handler wants the left operand converted to */
    signed int _v20;        /* type the left handler wants the right operand converted to */
    void* _v24;             /* handler object for the left operand's custom type */
    void* _v28;             /* handler object for the right operand's custom type */
    signed int _v44;        /* temporary variant used for conversions */
    void* __ebp;
    void* _t115;
    signed int _t200;       /* temporaries the decompiler used without declaring */
    signed int _t203;
    signed int _t215;
    signed int _t220;
    intOrPtr _t212;
    intOrPtr _t213;
    intOrPtr _t246;
    intOrPtr _t251;
    intOrPtr _t255;
    intOrPtr _t260;
    intOrPtr _t264;
    void* _t265;
    void* _t267;
    void* _t269;
    intOrPtr _t270;
    void* _t274;

    _t274 = __fp0;
    _t265 = __edi;
    _t267 = _t269;
    _t270 = _t269 + 0xffffffd8;   /* esp -= 0x28: 40 bytes of locals */
    _v16 = __ecx;
    _v12 = __edx;
    _v8 = __eax;
    _t200 =  *_v8 & 0x0000ffff;
    /* The low 12 bits of the type word are the base variant type. Values of 0x10f
       and above are custom types registered at run time; they are dispatched
       through a looked-up handler object instead of the built-in type switch. */
    if(( *_v8 & 0xfff) >= 0x10f) {
        /* Left operand is a custom type: resolve its handler into _v24. A failed
           lookup goes to E004233F0, an error routine that does not return (the
           decompiler shows the fall-through only because the call is noreturn). */
        if(E0042BE20(_t200,  &_v24) == 0) {
            E004233F0(__ecx);
        }
        /* Virtual call through the left handler's table, slot +8, with the operator
           in a register and &_v20 as an out-parameter: which type must the right
           operand have for this operator? A zero result means the handler declines. */
        _push( &_v20);
        _t212 = _v16;
        if( *((intOrPtr*)( *_v24 + 8))() == 0) {
            /* Left handler declined: try the right operand the same way. */
            _t203 =  *_v12 & 0x0000ffff;
            if((_t203 & 0x00000fff) >= 0x10f) {
                if(E0042BE20(_t203,  &_v28) != 0) {
                    /* Slot +4 of the right handler: which type must the left
                       operand have? Answer lands in _v18. */
                    _push( &_v18);
                    _t213 = _v16;
                    if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                        _t115 = E004233F0(_t213);   /* neither handler accepts: error */
                        goto L35;
                    } else {
                        if(( *_v8 & 0x0000ffff) == _v18) {
                            /* Left already has the required type: slot +0x2c
                               performs the operation itself. */
                            _t115 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
                            goto L35;
                        } else {
                            /* Convert the left operand to _v18 through the temporary
                               _v44, inside a try/finally frame (handler 0x429eeb). */
                            _push( &_v44);
                            L00421A90();                 /* initialise the temporary */
                            _push(_t267);
                            _push(0x429eeb);
                            _push( *[fs:eax]);
                             *[fs:eax] = _t270;
                            _t215 = _v18 & 0x0000ffff;
                            E004248E4( &_v44, _v18 & 0x0000ffff, _v8, _t265, _t274);
                            E0042436C(_v8, _v18 & 0x0000ffff,  &_v44);
                            if(( *_v8 & 0x0000ffff) != _v18) {
                                E00423300(_t215);        /* conversion did not yield the required type: error */
                            }
                            /* finally: unlink the frame and clear the temporary;
                               0x429ef2 is where execution resumes afterwards. */
                            _pop(_t246);
                             *[fs:eax] = _t246;
                            _push(0x429ef2);
                            return E00423A74( &_v44);
                        }
                    }
                } else {
                    _t115 = E004233F0(_t212);   /* no handler registered for the type: error */
                    goto L35;
                }
            } else {
                /* Neither operand needs a custom handler. */
                if(_t203 ==  *_v8) {
                    /* Same type on both sides: hand off to the built-in operator routine. */
                    _t115 = E0042AB4C(_v8, _v16, _v12);
                    goto L35;
                } else {
                    /* Types differ: convert the left operand to the right operand's
                       type through _v44, under a try/finally frame (handler 0x429e3f). */
                    _push( &_v44);
                    L00421A90();
                    _push(_t267);
                    _push(0x429e3f);
                    _push( *[fs:eax]);
                     *[fs:eax] = _t270;
                    _t220 =  *_v12 & 0x0000ffff;
                    E004248E4( &_v44,  *_v12 & 0x0000ffff, _v8, _t265, _t274);
                    E0042436C(_v8,  *_v12 & 0x0000ffff,  &_v44);
                    if(( *_v8 & 0x0000ffff) !=  *_v12) {
                        E00423300(_t220);
                    }
                    _pop(_t251);
                     *[fs:eax] = _t251;
                    _push(0x429e46);
                    return E00423A74( &_v44);
                }
            }
        } else {
            /* Left handler accepted: right operand must have type _v20. */
            if(( *_v12 & 0x0000ffff) == _v20) {
                _t115 =  *((intOrPtr*)( *_v24 + 0x2c))(_v16);
                goto L35;
            } else {
                /* Otherwise convert the right operand through _v44, again under a
                   try/finally frame. */
                _push( &_v44);
                L00421A90();
                _push(_t267);
                /* listing truncated here in the report */
                                                                                                                                                							_push(0x429da4);
                                                                                                                                                							_push( *[fs:eax]);
                                                                                                                                                							 *[fs:eax] = _t270;
                                                                                                                                                							_t224 = _v20 & 0x0000ffff;
                                                                                                                                                							E004248E4( &_v44, _v20 & 0x0000ffff, _v12, _t265, _t274);
                                                                                                                                                							if((_v44 & 0x0000ffff) != _v20) {
                                                                                                                                                								E00423300(_t224);
                                                                                                                                                							}
                                                                                                                                                							 *((intOrPtr*)( *_v24 + 0x2c))(_v16);
                                                                                                                                                							_pop(_t255);
                                                                                                                                                							 *[fs:eax] = _t255;
                                                                                                                                                							_push(0x429f0b);
                                                                                                                                                							return E00423A74( &_v44);
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					if(E0042BE20( *_v12 & 0x0000ffff,  &_v28) != 0) {
                                                                                                                                                						_push( &_v18);
                                                                                                                                                						if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                							_push( &_v44);
                                                                                                                                                							L00421A90();
                                                                                                                                                							_push(_t267);
                                                                                                                                                							_push(0x429d07);
                                                                                                                                                							_push( *[fs:eax]);
                                                                                                                                                							 *[fs:eax] = _t270;
                                                                                                                                                							_t230 =  *_v8 & 0x0000ffff;
                                                                                                                                                							E004248E4( &_v44,  *_v8 & 0x0000ffff, _v12, __edi, __fp0);
                                                                                                                                                							if(( *_v8 & 0x0000ffff) != _v44) {
                                                                                                                                                								E00423300(_t230);
                                                                                                                                                							}
                                                                                                                                                							E0042AB4C(_v8, _v16,  &_v44);
                                                                                                                                                							_pop(_t260);
                                                                                                                                                							 *[fs:eax] = _t260;
                                                                                                                                                							_push(0x429f0b);
                                                                                                                                                							return E00423A74( &_v44);
                                                                                                                                                						} else {
                                                                                                                                                							if(( *_v8 & 0x0000ffff) == _v18) {
                                                                                                                                                								_t115 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
                                                                                                                                                								goto L35;
                                                                                                                                                							} else {
                                                                                                                                                								_push( &_v44);
                                                                                                                                                								L00421A90();
                                                                                                                                                								_push(_t267);
                                                                                                                                                								_push(0x429c8c);
                                                                                                                                                								_push( *[fs:eax]);
                                                                                                                                                								 *[fs:eax] = _t270;
                                                                                                                                                								_t235 = _v18 & 0x0000ffff;
                                                                                                                                                								E004248E4( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                								E0042436C(_v8, _v18 & 0x0000ffff,  &_v44);
                                                                                                                                                								if(( *_v8 & 0x0000ffff) != _v18) {
                                                                                                                                                									E00423300(_t235);
                                                                                                                                                								}
                                                                                                                                                								_pop(_t264);
                                                                                                                                                								 *[fs:eax] = _t264;
                                                                                                                                                								_push(0x429c93);
                                                                                                                                                								return E00423A74( &_v44);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t115 = E004233F0(__ecx);
                                                                                                                                                						L35:
                                                                                                                                                						return _t115;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}
                                                                                                                                                0x00429bcc
                                                                                                                                                0x00429bcc
                                                                                                                                                0x00429bcd
                                                                                                                                                0x00429bcf
                                                                                                                                                0x00429bd3
                                                                                                                                                0x00429bd6
                                                                                                                                                0x00429bd9
                                                                                                                                                0x00429bdf
                                                                                                                                                0x00429bec
                                                                                                                                                0x00429d1a
                                                                                                                                                0x00429d1c
                                                                                                                                                0x00429d1c
                                                                                                                                                0x00429d24
                                                                                                                                                0x00429d28
                                                                                                                                                0x00429d35
                                                                                                                                                0x00429dc5
                                                                                                                                                0x00429dd2
                                                                                                                                                0x00429e65
                                                                                                                                                0x00429e74
                                                                                                                                                0x00429e78
                                                                                                                                                0x00429e85
                                                                                                                                                0x00429f06
                                                                                                                                                0x00000000
                                                                                                                                                0x00429e87
                                                                                                                                                0x00429e91
                                                                                                                                                0x00429f01
                                                                                                                                                0x00000000
                                                                                                                                                0x00429e93
                                                                                                                                                0x00429e96
                                                                                                                                                0x00429e97
                                                                                                                                                0x00429e9e
                                                                                                                                                0x00429e9f
                                                                                                                                                0x00429ea4
                                                                                                                                                0x00429ea7
                                                                                                                                                0x00429eaa
                                                                                                                                                0x00429eb4
                                                                                                                                                0x00429ebf
                                                                                                                                                0x00429ece
                                                                                                                                                0x00429ed0
                                                                                                                                                0x00429ed0
                                                                                                                                                0x00429ed7
                                                                                                                                                0x00429eda
                                                                                                                                                0x00429edd
                                                                                                                                                0x00429eea
                                                                                                                                                0x00429eea
                                                                                                                                                0x00429e91
                                                                                                                                                0x00429e67
                                                                                                                                                0x00429e67
                                                                                                                                                0x00000000
                                                                                                                                                0x00429e67
                                                                                                                                                0x00429dd8
                                                                                                                                                0x00429de1
                                                                                                                                                0x00429e4f
                                                                                                                                                0x00000000
                                                                                                                                                0x00429de3
                                                                                                                                                0x00429de6
                                                                                                                                                0x00429de7
                                                                                                                                                0x00429dee
                                                                                                                                                0x00429def
                                                                                                                                                0x00429df4
                                                                                                                                                0x00429df7
                                                                                                                                                0x00429dfd
                                                                                                                                                0x00429e06
                                                                                                                                                0x00429e11
                                                                                                                                                0x00429e22
                                                                                                                                                0x00429e24
                                                                                                                                                0x00429e24
                                                                                                                                                0x00429e2b
                                                                                                                                                0x00429e2e
                                                                                                                                                0x00429e31
                                                                                                                                                0x00429e3e
                                                                                                                                                0x00429e3e
                                                                                                                                                0x00429de1
                                                                                                                                                0x00429d3b
                                                                                                                                                0x00429d45
                                                                                                                                                0x00429dba
                                                                                                                                                0x00000000
                                                                                                                                                0x00429d47
                                                                                                                                                0x00429d4a
                                                                                                                                                0x00429d4b
                                                                                                                                                0x00429d52
                                                                                                                                                0x00429d53
                                                                                                                                                0x00429d58
                                                                                                                                                0x00429d5b
                                                                                                                                                0x00429d5e
                                                                                                                                                0x00429d68
                                                                                                                                                0x00429d75
                                                                                                                                                0x00429d77
                                                                                                                                                0x00429d77
                                                                                                                                                0x00429d8b
                                                                                                                                                0x00429d90
                                                                                                                                                0x00429d93
                                                                                                                                                0x00429d96
                                                                                                                                                0x00429da3
                                                                                                                                                0x00429da3
                                                                                                                                                0x00429d45
                                                                                                                                                0x00429bf2
                                                                                                                                                0x00429c02
                                                                                                                                                0x00429c11
                                                                                                                                                0x00429c22
                                                                                                                                                0x00429cad
                                                                                                                                                0x00429cae
                                                                                                                                                0x00429cb5
                                                                                                                                                0x00429cb6
                                                                                                                                                0x00429cbb
                                                                                                                                                0x00429cbe
                                                                                                                                                0x00429cc4
                                                                                                                                                0x00429ccd
                                                                                                                                                0x00429cdc
Instruction addresses of the decompiled lines above (one per line), between 0x00429c02 and 0x00429f0f

APIs
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: InitVariant
• String ID:
• API String ID: 1927566239-0
• Opcode ID: 31dea10ece24042977b94ad332995b6db98b17d1f1c9655e5d9323ddbdefc42a
• Instruction ID: 517de94f234af0a2b1e79363b42983113dc343d89ae35d42b00b593ffc3734a5
• Opcode Fuzzy Hash: 31dea10ece24042977b94ad332995b6db98b17d1f1c9655e5d9323ddbdefc42a
• Instruction Fuzzy Hash: 82B13935B00229EFCB00EF95E5818EDB7B9FF48714FD144A6F900A3255DB38AE45DA68
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 64%
			// Consistent with the Delphi RTL routine GetEraNamesAndYearOffsets (SysUtils):
			// runtime-library locale setup, not sample-specific logic.
			E0041E054(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				// Delphi try/finally frame: link the handler at 0x41e0eb into the SEH chain at fs:[0]
				_push(0);
				_push(_t32);
				_push(0x41e0eb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				// 0x100b = LOCALE_IOPTIONALCALENDAR: fetch the thread locale's optional calendar id as a string into _v8
				E0041D5D8(GetThreadLocale(), 0x41e104, 0x100b,  &_v8);
				// StrToIntDef-style conversion, default 1
				_t29 = E004193D8(0x41e104, 1, _t33);
				// decompiler rendering of an unsigned range check: calendar id in 3..5 (the era-based calendars)
				if(_t29 + 0xfffffffd - 3 < 0) {
					// 4 = CAL_SERASTRING: enumerate era names through the callback at 0x41dfa0
					EnumCalendarInfoW(E0041DFA0, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x45bd94;
					do {
						// reset the 7-entry global year-offset table at 0x45bd94 to -1
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					// 3 = CAL_IYEAROFFSETRANGE: enumerate era year offsets through the callback at 0x41dfdc
					EnumCalendarInfoW(E0041DFDC, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26; // unlink the handler
				_push(0x41e0f2);
				return E00406658( &_v8); // clear the temporary string
			}

Instruction addresses of the decompiled lines above (one per line), 0x0041e054 to 0x0041e0ea

APIs
• GetThreadLocale.KERNEL32(?,00000000,0041E0EB,?,?,00000000), ref: 0041E06C
  • Part of subcall function 0041D5D8: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041D5F6
• GetThreadLocale.KERNEL32(00000000,00000004,00000000,0041E0EB,?,?,00000000), ref: 0041E09C
• EnumCalendarInfoW.KERNEL32(Function_0001DFA0,00000000,00000000,00000004,00000000,0041E0EB,?,?,00000000), ref: 0041E0A7
• GetThreadLocale.KERNEL32(00000000,00000003,Function_0001DFA0,00000000,00000000,00000004,00000000,0041E0EB,?,?,00000000), ref: 0041E0C5
• EnumCalendarInfoW.KERNEL32(Function_0001DFDC,00000000,00000000,00000003,Function_0001DFA0,00000000,00000000,00000004,00000000,0041E0EB,?,?,00000000), ref: 0041E0D0
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: Locale$InfoThread$CalendarEnum
• String ID:
• API String ID: 4102113445-0
• Opcode ID: 3ade1bf6ed9f5a8d4e29643ca631aa76670860bd7149988f10ef33ca57e66939
• Instruction ID: 1b18b928cb1ddebf41b21687c81fa495ad61704039416c792120c45b5feafcb9
• Opcode Fuzzy Hash: 3ade1bf6ed9f5a8d4e29643ca631aa76670860bd7149988f10ef33ca57e66939
• Instruction Fuzzy Hash: 640147747006147BD311B6728C13F9E7558EB0A718F614837F801B76C1D67C9E51826E
Uniqueness
Uniqueness Score: -1.00%
                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                			E0041BF44(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                                                                                                				char _v8;
                                                                                                                                                				short _v18;
                                                                                                                                                				short _v22;
                                                                                                                                                				struct _SYSTEMTIME _v24;
                                                                                                                                                				short _v536;
                                                                                                                                                				intOrPtr _v540;
                                                                                                                                                				short* _t34;
                                                                                                                                                				intOrPtr* _t50;
                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                				void* _t64;
                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                				void* _t70;
                                                                                                                                                
                                                                                                                                                				_v8 = 0;
                                                                                                                                                				_t50 = __edx;
                                                                                                                                                				_t64 = __eax;
                                                                                                                                                				_push(_t70);
                                                                                                                                                				_push(0x41c033);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t70 + 0xfffffde8;
                                                                                                                                                				E00406658(__edx);
                                                                                                                                                				_v24 =  *(_a4 - 2) & 0x0000ffff;
                                                                                                                                                				_v22 =  *(_a4 - 4) & 0x0000ffff;
                                                                                                                                                				_v18 =  *(_a4 - 6) & 0x0000ffff;
                                                                                                                                                				if(_t64 > 2) {
                                                                                                                                                					E00406A80( &_v8, L"yyyy");
                                                                                                                                                				} else {
                                                                                                                                                					E00406A80( &_v8, 0x41c04c);
                                                                                                                                                				}
_t34 = E004072B8(_v8);
if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t34,  &_v536, 0x200) != 0) {
	E0040734C(_t50, 0x100,  &_v536);
	if(_t64 == 1 &&  *((short*)( *_t50)) == 0x30) {
		_v540 =  *_t50;
		_t66 = _v540;
		if(_t66 != 0) {
			_t66 =  *((intOrPtr*)(_t66 - 4));
		}
		E0040766C( *_t50, _t66 - 1, 2, _t50);
	}
}
_pop(_t59);
 *[fs:eax] = _t59;
_push(0x41c03a);
return E00406658( &_v8);
}

APIs
• GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C033), ref: 0041BFCA
• GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C033), ref: 0041BFD0
Strings
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: DateFormatLocaleThread
• String ID: $yyyy
• API String ID: 3303714858-404527807
• Opcode ID: e9f8ddc607c78921057641c82d02b20c64341dd6abf628d872694aad5630559b
• Instruction ID: 1d82e2325234fb9921a237082344897347903be7d979594794ede7a7775da521
• Opcode Fuzzy Hash: e9f8ddc607c78921057641c82d02b20c64341dd6abf628d872694aad5630559b
• Instruction Fuzzy Hash: 08215535A406189FD711EFA5CC81A9EB7B4EF08700F5144AAF805E7391D7389E409BAA
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 41%
E0044C688(void* __ebx, void* __edx, void* __edi, void* __esi) {
	char _v8;
	intOrPtr* _v12;
	char _v16;
	struct HINSTANCE__* _t18;
	intOrPtr* _t24;
	intOrPtr* _t26;
	intOrPtr _t30;
	intOrPtr* _t33;
	intOrPtr* _t35;
	void* _t41;
	intOrPtr _t48;
	intOrPtr _t49;
	intOrPtr _t62;

	_push(0);
	_push(0);
	_push(0);
	_push(__ebx);
	_push(__esi);
	_t41 = __edx;
	_push(_t62);
	_push(0x44c750);
	_push( *[fs:eax]);
	 *[fs:eax] = _t62;
	_t18 = GetModuleHandleW(L"OLEAUT32.DLL");
	_t57 = _t18;
	if(_t18 != 0) {
		_t59 = 0;
		if(_t41 != 0) {
			_t59 = E0040A8C4(_t41, 0, _t57, L"UnRegisterTypeLibForUser");
		}
		if(_t59 == 0) {
			_t59 = E0040A8C4(_t41, _t59, _t57, L"UnRegisterTypeLib");
		}
		if(_t59 != 0) {
			_t24 =  *0x45dfe4; // 0x0
			 *((intOrPtr*)( *_t24 + 0x1c))( &_v8);
			_t26 = _v12;
			E00448954( *((intOrPtr*)( *_t26 + 0x1c))(_t26));
			_t30 = _v8;
			 *_t59(_t30,  *(_t30 + 0x18) & 0x0000ffff,  *(_t30 + 0x1a) & 0x0000ffff,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)));
			_t33 =  *0x45dfe4; // 0x0
			 *((intOrPtr*)( *_t33 + 0x1c))(_v8);
			_t35 = _v16;
			 *((intOrPtr*)( *_t35 + 0x30))(_t35);
		}
	}
	_pop(_t48);
	 *[fs:eax] = _t48;
	_push(0x44c757);
	_t49 =  *0x40adc8; // 0x40adcc
	return E00407A34( &_v16, 2, _t49);
}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000,0044C750,?,?,?,?,00000000,00000000,00000000), ref: 0044C6A9
                                                                                                                                                  • Part of subcall function 0040A8C4: GetProcAddress.KERNEL32(?,?), ref: 0040A8E8
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp Download File
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: AddressHandleModuleProc
• String ID: OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLibForUser
• API String ID: 1646373207-2227340434
• Opcode ID: bfc294587217549e382812a8b63ea2c283c7221b92cba5bdfead8165f4c867af
• Instruction ID: 581a0ccbc49df657ce8d146d8f35181bf60b64217acb18c72964299c9a78bf2f
• Opcode Fuzzy Hash: bfc294587217549e382812a8b63ea2c283c7221b92cba5bdfead8165f4c867af
• Instruction Fuzzy Hash: 0921D636A00210AFD751DF55C881E6AB7F8EF8C700B1580A6F900E7391DB38EC01CB58
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 42%
			E0044C56C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _t38;
				intOrPtr _t47;
				intOrPtr* _t51;
				void* _t53;
				intOrPtr _t56;

				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t38 = __ecx;                 // flag: non-zero selects per-user type library registration
				_t53 = __eax;                 // ITypeLib* handed to RegisterTypeLib / RegisterTypeLibForUser
				_push(_t56);
				_push(0x44c62c);
				_push( *[fs:eax]);            // install an SEH frame via fs:[0]
				 *[fs:eax] = _t56;
				E0040739C( &_v8, __edx);
				E00419A38(__edx,  &_v16);
				E0040739C( &_v12, _v16);
				if(_t38 == 0) {
					L4:
					// machine-wide path: statically imported RegisterTypeLib (APIs below, ref 0044C5FF)
					_push(E00407024(_v12));
					_push(E00407024(_v8));
					_push(_t53);
					L0040AF90();              // RegisterTypeLib(ptlib, szFullPath, szHelpDir)
					E00448954(_t22);          // _t22: the HRESULT returned by that call
				} else {
					// per-user path: RegisterTypeLibForUser is resolved at run time because the
					// export is absent from OLEAUT32 builds before Windows Vista
					_t39 = GetModuleHandleW(L"OLEAUT32.DLL");
					if(_t39 == 0) {           // decompiler output named this _t29; it is the module handle just obtained
						goto L4;
					} else {
						_t51 = E0040A8C4(_t39, _t53, _t39, L"RegisterTypeLibForUser"); // GetProcAddress wrapper, see APIs
						if(_t51 == 0) {
							goto L4;          // export missing: fall back to machine-wide RegisterTypeLib
						} else {
							E00448954( *_t51(_t53, E00407024(_v8), E00407024(_v12)));
						}
					}
				}
				_pop(_t47);
				 *[fs:eax] = _t47;            // remove the SEH frame
				_push(0x44c633);
				E00406658( &_v16);
				return E00406718( &_v12, 2);
			}

(Per-statement address column of the listing omitted; the statements above span 0x0044c56f to 0x0044c62b.)

APIs
• GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000,0044C62C,?,?,?,?,00000000,00000000,00000000), ref: 0044C5B4
  • Part of subcall function 0040A8C4: GetProcAddress.KERNEL32(?,?), ref: 0040A8E8
• RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0044C5FF
Strings
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: AddressHandleModuleProcRegisterType
• String ID: OLEAUT32.DLL$RegisterTypeLibForUser
• API String ID: 3041890036-2666564778
• Opcode ID: b76a1db701e38e4d049415a984d16f40f69dc791161e4291dabc1b915e161a1b
• Instruction ID: b9f07f21fab152b2e0b6290161ee90af867a6ede7a29fb68e4b0838362b732f2
• Opcode Fuzzy Hash: b76a1db701e38e4d049415a984d16f40f69dc791161e4291dabc1b915e161a1b
• Instruction Fuzzy Hash: 8C118471A056447BE751F7668C82B6E77ADDF44308F25407BB500B3282DA7CAE06855E
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                			E004489EC(void* __eax, intOrPtr __ecx, void* __edx, void* _a4) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				int _v12;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				long _t12;
                                                                                                                                                				char* _t17;
                                                                                                                                                				long _t25;
                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                				void* _t37;
                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                
                                                                                                                                                				_t40 = __ecx;
                                                                                                                                                				_t37 = __edx;
                                                                                                                                                				_t12 = RegCreateKeyExW(_a4, E004072B8(__eax), 0, 0x448a88, 0, 0x2001f, 0,  &_v8,  &_v12);
                                                                                                                                                				_t25 = _t12;
                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                					_t27 = _t40;
                                                                                                                                                					if(_t27 != 0) {
                                                                                                                                                						_t27 =  *((intOrPtr*)(_t27 - 4));
                                                                                                                                                					}
                                                                                                                                                					_t17 = E004072B8(_t40);
                                                                                                                                                					_t25 = RegSetValueExW(_v8, E004072B8(_t37), 0, 1, _t17, _t27 + 1 + _t27 + 1);
                                                                                                                                                					_t12 = RegCloseKey(_v8);
                                                                                                                                                				}
                                                                                                                                                				if(_t25 != 0) {
                                                                                                                                                					_t33 =  *0x458a28; // 0x444c40
                                                                                                                                                					_t12 = E0041E50C(_t33, 1);
                                                                                                                                                					E00405E5C();
                                                                                                                                                				}
                                                                                                                                                				return _t12;
                                                                                                                                                			}


(Per-statement address column of the listing omitted; the statements above span 0x004489f5 to 0x00448a84.)

APIs
• RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A1F
• RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,00000000,?,?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A53
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,?,?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A5E
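The "APIs" lines above are the quickest way to read what a listed function does without walking the decompiled body: the argument list is the stack at the time of the call, which is why RegCloseKey, a one-parameter API, is shown with sixteen entries (the slots past the API's own parameters are the caller's frame). The following script is an added example and not part of the Joe Sandbox report or of the sample: it parses lines of this shape, trims each argument list to the arity of the documented Win32 prototype, and decodes the two fields an analyst reads by hand here, the REGSAM mask (0002001F) and the value type (00000001). The prototype names come from the Win32 documentation, the constants are the well-known winreg.h values, and the sample input is the three ADVAPI32 lines above plus the GetModuleHandleW line of the previous function, copied verbatim.

```python
"""Decode the API-call lines of a Joe Sandbox function listing (added example, not report code)."""
import re
from typing import Any, Dict, List, Optional

# Single registry rights from winreg.h; the standard rights live in the high word.
REG_RIGHT_BITS = [
    (0x00000001, "KEY_QUERY_VALUE"), (0x00000002, "KEY_SET_VALUE"),
    (0x00000004, "KEY_CREATE_SUB_KEY"), (0x00000008, "KEY_ENUMERATE_SUB_KEYS"),
    (0x00000010, "KEY_NOTIFY"), (0x00000020, "KEY_CREATE_LINK"),
    (0x00000100, "KEY_WOW64_64KEY"), (0x00000200, "KEY_WOW64_32KEY"),
    (0x00010000, "DELETE"), (0x00020000, "READ_CONTROL"),
    (0x00040000, "WRITE_DAC"), (0x00080000, "WRITE_OWNER"),
]
# Composite rights, most inclusive first, so a mask is reported the way source code spells it.
REG_COMPOSITE_RIGHTS = [
    (0x000F003F, "KEY_ALL_ACCESS"), (0x00020019, "KEY_READ"), (0x00020006, "KEY_WRITE"),
]
REG_VALUE_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
                   4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}

# Parameter names of the documented Win32 prototypes for the APIs seen in this listing.
PROTOTYPES = {
    "RegCreateKeyExW": ["hKey", "lpSubKey", "Reserved", "lpClass", "dwOptions",
                        "samDesired", "lpSecurityAttributes", "phkResult", "lpdwDisposition"],
    "RegSetValueExW": ["hKey", "lpValueName", "Reserved", "dwType", "lpData", "cbData"],
    "RegCloseKey": ["hKey"],
    "GetModuleHandleW": ["lpModuleName"],
    "GetProcAddress": ["hModule", "lpProcName"],
    "RegisterTypeLib": ["ptlib", "szFullPath", "szHelpDir"],
}

API_LINE = re.compile(r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_arg(token: str) -> Any:
    """'?' is an unresolved slot, 8 hex digits are a DWORD, anything else is a string the sandbox resolved."""
    token = token.strip()
    if token == "?":
        return None
    if HEX32.match(token):
        return int(token, 16)
    return token


def parse_api_line(line: str) -> Optional[Dict[str, Any]]:
    """Return api/module/ref/args for one 'APIs' line, or None if the line is not one."""
    m = API_LINE.search(line)
    if not m:
        return None
    return {"api": m["api"], "module": m["module"], "ref": int(m["ref"], 16),
            "subcall": "Part of subcall" in line,
            "args": [parse_arg(t) for t in m["args"].split(",")]}


def decode_access_mask(mask: int) -> List[str]:
    """Spell a REGSAM mask: composite names first, then leftover single bits, then unknown bits as hex."""
    names: List[str] = []
    covered = 0
    for bits, name in REG_COMPOSITE_RIGHTS:
        if mask & bits == bits and bits & ~covered:
            names.append(name)
            covered |= bits
    remaining = mask & ~covered
    for bit, name in REG_RIGHT_BITS:
        if remaining & bit:
            names.append(name)
            remaining &= ~bit
    if remaining:
        names.append(f"0x{remaining:X}")
    return names


def annotate(rec: Dict[str, Any]) -> Dict[str, Any]:
    """Trim the argument list to the prototype's arity and decode the registry-specific fields."""
    names = PROTOTYPES.get(rec["api"], [])
    params = dict(zip(names, rec["args"]))  # zip stops at the shorter list: extra stack slots drop out
    notes: Dict[str, Any] = {}
    if isinstance(params.get("samDesired"), int):
        notes["samDesired"] = decode_access_mask(params["samDesired"])
    if isinstance(params.get("dwType"), int):
        notes["dwType"] = REG_VALUE_TYPES.get(params["dwType"], f"0x{params['dwType']:X}")
    return {**rec, "params": params, "notes": notes}


# Sample input: the three ADVAPI32 lines of this listing and one KERNEL32 line of the previous one, verbatim.
REPORT_LINES = [
    "• RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A1F",
    "• RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,00000000,?,?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A53",
    "• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,?,?,00000000,00000000,00448A88,00000000,0002001F,00000000,?,?), ref: 00448A5E",
    "• GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000,0044C62C,?,?,?,?,00000000,00000000,00000000), ref: 0044C5B4",
]


def decode_listing(lines: List[str]) -> List[Dict[str, Any]]:
    """Parse and annotate every API line; lines that are not API calls are skipped."""
    out = []
    for line in lines:
        rec = parse_api_line(line)
        if rec:
            out.append(annotate(rec))
    return out


if __name__ == "__main__":
    for r in decode_listing(REPORT_LINES):
        print(f"{r['ref']:08X} {r['api']} {r['params']} {r['notes']}")
```

Run against the lines above, the RegCreateKeyExW call decodes to samDesired = KEY_READ | KEY_WRITE and the RegSetValueExW call to dwType = REG_SZ, which matches the constants 0x2001f and 1 in the decompiled body; the key path and value name are "?" because they were runtime strings the sandbox did not resolve at this reference, so which keys the sample actually writes has to be read from the report's behaviour section, not from this listing.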
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseCreateValue
                                                                                                                                                • String ID: @LD
                                                                                                                                                • API String ID: 1818849710-2728841554
                                                                                                                                                • Opcode ID: ad0949387a5b27a4838306a1d23bf15ca7893b810df9bfeff83d51ab925dfca8
                                                                                                                                                • Instruction ID: 48d040dd62d64bf35a406fcf8b773a79cb87b5b43dc23b8b881fd69cf1a1342a
                                                                                                                                                • Opcode Fuzzy Hash: ad0949387a5b27a4838306a1d23bf15ca7893b810df9bfeff83d51ab925dfca8
                                                                                                                                                • Instruction Fuzzy Hash: 37115E767443046BE710EAAA9CC2F9B739C9B18714F10013BBA08F7282DDB9ED0457A9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                			E00408BB8(signed short __eax, void* __edx) {
                                                                                                                                                				char _v8;
                                                                                                                                                				char _v12;
                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                				signed int _v20;
                                                                                                                                                				short _v22;
                                                                                                                                                				short _v24;
                                                                                                                                                				char _v26;
                                                                                                                                                				char _v32;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				void* _t39;
                                                                                                                                                				void* _t55;
                                                                                                                                                				void* _t59;
                                                                                                                                                				short* _t62;
                                                                                                                                                				signed short _t66;
                                                                                                                                                				void* _t67;
                                                                                                                                                				void* _t68;
                                                                                                                                                				signed short _t79;
                                                                                                                                                				void* _t81;
                                                                                                                                                
                                                                                                                                                				_t81 = __edx;
                                                                                                                                                				_t66 = __eax;
                                                                                                                                                				_v16 = 0;
                                                                                                                                                				if(__eax !=  *0x45bb80()) {
                                                                                                                                                					_v16 = E00408B74( &_v8);
                                                                                                                                                					_t79 = _t66;
                                                                                                                                                					_v20 = 3;
                                                                                                                                                					_t62 =  &_v26;
                                                                                                                                                					do {
                                                                                                                                                						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                                                                                                                						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                                                                                                                						_v20 = _v20 - 1;
                                                                                                                                                						_t62 = _t62 - 2;
                                                                                                                                                					} while (_v20 != 0xffffffff);
                                                                                                                                                					_v24 = 0;
                                                                                                                                                					_v22 = 0;
                                                                                                                                                					 *0x45bb7c(4,  &_v32,  &_v20);
                                                                                                                                                				}
                                                                                                                                                				_t39 = E00408B74( &_v12);
                                                                                                                                                				_t67 = _t39;
                                                                                                                                                				if(_t67 != 0) {
                                                                                                                                                					_t55 = _v12 - 2;
                                                                                                                                                					if(_t55 >= 0) {
                                                                                                                                                						_t59 = _t55 + 1;
                                                                                                                                                						_v20 = 0;
                                                                                                                                                						do {
                                                                                                                                                							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                                                                                                                								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                                                                                                                							}
                                                                                                                                                							_v20 = _v20 + 1;
                                                                                                                                                							_t59 = _t59 - 1;
                                                                                                                                                						} while (_t59 != 0);
                                                                                                                                                					}
                                                                                                                                                					E00407310(_t81, _t67);
                                                                                                                                                					_t39 = E004044A0(_t67);
                                                                                                                                                				}
                                                                                                                                                				if(_v16 != 0) {
                                                                                                                                                					 *0x45bb7c(0, 0,  &_v20);
                                                                                                                                                					_t68 = E00408B74( &_v12);
                                                                                                                                                					if(_v8 != _v12 || E00408B50(_v16, _v12, _t68) != 0) {
                                                                                                                                                						 *0x45bb7c(8, _v16,  &_v20);
                                                                                                                                                					}
                                                                                                                                                					E004044A0(_t68);
                                                                                                                                                					return E004044A0(_v16);
                                                                                                                                                				}
                                                                                                                                                				return _t39;
                                                                                                                                                			}
                                                                                                                                                0x00408bc0
                                                                                                                                                0x00408bc2
                                                                                                                                                0x00408bc6
                                                                                                                                                0x00408bd2
                                                                                                                                                0x00408bdc
                                                                                                                                                0x00408bdf
                                                                                                                                                0x00408be1
                                                                                                                                                0x00408be8
                                                                                                                                                0x00408beb
                                                                                                                                                0x00408bfc
                                                                                                                                                0x00408c02
                                                                                                                                                0x00408c05
                                                                                                                                                0x00408c08
                                                                                                                                                0x00408c0b
                                                                                                                                                0x00408c11
                                                                                                                                                0x00408c17
                                                                                                                                                0x00408c27
                                                                                                                                                0x00408c27
                                                                                                                                                0x00408c30
                                                                                                                                                0x00408c35
                                                                                                                                                0x00408c39
                                                                                                                                                0x00408c3e
                                                                                                                                                0x00408c43
                                                                                                                                                0x00408c45
                                                                                                                                                0x00408c46
                                                                                                                                                0x00408c4d
                                                                                                                                                0x00408c55
                                                                                                                                                0x00408c5a
                                                                                                                                                0x00408c5a
                                                                                                                                                0x00408c60
                                                                                                                                                0x00408c63
                                                                                                                                                0x00408c63
                                                                                                                                                0x00408c4d
                                                                                                                                                0x00408c6a
                                                                                                                                                0x00408c71
                                                                                                                                                0x00408c71
                                                                                                                                                0x00408c7a
                                                                                                                                                0x00408c84
                                                                                                                                                0x00408c92
                                                                                                                                                0x00408c9a
                                                                                                                                                0x00408cb7
                                                                                                                                                0x00408cb7
                                                                                                                                                0x00408cbf
                                                                                                                                                0x00000000
                                                                                                                                                0x00408cc7
                                                                                                                                                0x00408cd1

                                                                                                                                                APIs
                                                                                                                                                • GetThreadUILanguage.KERNEL32(?,00000000), ref: 00408BC9
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 00408C27
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 00408C84
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 00408CB7
                                                                                                                                                  • Part of subcall function 00408B74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,00408C35), ref: 00408B8B
                                                                                                                                                  • Part of subcall function 00408B74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,00408C35), ref: 00408BA8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2255706666-0
                                                                                                                                                • Opcode ID: e84ce1af6ecec7689740048bac9e8a8c5cefbf12e63df4037a13d5de7f97c819
                                                                                                                                                • Instruction ID: 9f23075f820d752611a58e0315da63b4785e45efd7f0cfeaa8e5b6fde4ab111b
                                                                                                                                                • Opcode Fuzzy Hash: e84ce1af6ecec7689740048bac9e8a8c5cefbf12e63df4037a13d5de7f97c819
                                                                                                                                                • Instruction Fuzzy Hash: A2317E70A0421E9BDB10DFA5C984AAEB3B8FF54315F00457EE551F72D1DB78AA04CBA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                			E004282F4(signed short* __eax, void* __ebx, intOrPtr* __edx) {
                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                				char _v9;
                                                                                                                                                				void* _v16;
                                                                                                                                                				char _v24;
                                                                                                                                                				char _v32;
                                                                                                                                                				char _v36;
    char _v40;
    intOrPtr* _t21;
    signed short* _t43;
    intOrPtr _t54;
    intOrPtr _t60;
    void* _t63;
    void* _t64;
    intOrPtr _t65;

    _t63 = _t64;
    _t65 = _t64 + 0xffffffdc;
    _v36 = 0;
    _v40 = 0;
    _v8 = __edx;
    _t43 = __eax;
    _t21 = _v8;
    if(_t21 != 0) {
         *_t21 = 0;
    }
    _push(_t63);
    _push(0x4283bf);
    _push( *[fs:eax]);
     *[fs:eax] = _t65;
    _v9 = E0042BE20( *_t43 & 0x0000ffff,  &_v16);
    if(_v9 == 0) {
        _pop(_t54);
         *[fs:eax] = _t54;
        _push(E004283C6);
        return E004066B8( &_v40, 2);
    } else {
        _t8 =  &_v32; // 0x424f0d
        L00421A90();
         *[fs:eax] = _t65;
         *((intOrPtr*)( *_v16 + 0x1c))( *[fs:eax], 0x42839d, _t63, _t8);
        _t14 =  &_v24; // 0x425148
        E00407310( &_v40,  *_t14);
        E0040766C(_v40, 0x7fffffff, 1,  &_v36);
        E0040739C(_v8, _v36);
        _t60 = 8;
         *[fs:eax] = _t60;
        _push(E004283A4);
        _t18 =  &_v32; // 0x424f0d
        return E00423A74(_t18);
    }
}

APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: InitVariant
• String ID: OB$HQB
• API String ID: 1927566239-1244505494
• Opcode ID: d30197d52ff7d55f698807342833a6a64f2f0040529bc8a1943bd7b72fdb63ae
• Instruction ID: ce50e00e062e4224360ad58fb7818a9a0cafc2074aeafacec8c2964351eff409
• Opcode Fuzzy Hash: d30197d52ff7d55f698807342833a6a64f2f0040529bc8a1943bd7b72fdb63ae
• Instruction Fuzzy Hash: 33218630B042089FDB05DFA5D8429DEB7F9EB49710F9185BAEC00E3691DB396D05CA69
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 37%
E0044E1D0(void* __ecx, void* __eflags, intOrPtr _a4) {
    char _v8;
    char _v12;
    char _v16;
    void* __ebp;
    intOrPtr _t34;
    void* _t40;
    intOrPtr _t41;

    _push(0);
    _push(0);
    _push(0);
    _push(_a4);
    _push(_t40);
    _push(0x44e236);
    _push( *[fs:eax]);
     *[fs:eax] = _t41;
    E00404844(0,  &_v16, _t40);
    E00419B90(_v16,  &_v12);
    E004074FC( &_v8, _v12, L"Usage: ");
    MessageBoxW(0, E004072B8(_v8), L"Host", 0);
    _pop(_t34);
     *[fs:eax] = _t34;
    E004066B8( &_v16, 3);
    return 0;
}

APIs
  • Part of subcall function 00404844: GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 00404868
• MessageBoxW.USER32(00000000,00000000,Host,00000000), ref: 0044E224
Strings
Memory Dump Source
• Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
• Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
• Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
• Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
Yara matches
Similarity
• API ID: FileMessageModuleName
• String ID: Host$Usage:
• API String ID: 3425244467-3988290099
• Opcode ID: e06bbbeb76da8c48c34ab86bd58cff87c86df879cd6d5b352f54d525989dccd7
• Instruction ID: 3efb4be876b19a7bab69bb76604f0080fa663807799fddb178197189f838b234
• Opcode Fuzzy Hash: e06bbbeb76da8c48c34ab86bd58cff87c86df879cd6d5b352f54d525989dccd7
• Instruction Fuzzy Hash: 8601AC31B04208BFE711EAA2DC52F5EB7ACFB85714F6144BBF900A71C1D5746E14C669
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 37%
E0044DF38(void* __ecx, void* __eflags, intOrPtr _a4) {
    char _v8;
    char _v12;
    char _v16;
    void* __ebp;
    intOrPtr _t34;
    void* _t40;
    intOrPtr _t41;

    _push(0);
    _push(0);
    _push(0);
    _push(_a4);
    _push(_t40);
    _push(0x44df9e);
    _push( *[fs:eax]);
     *[fs:eax] = _t41;
    E00404844(0,  &_v16, _t40);
    E00419B90(_v16,  &_v12);
    E004074FC( &_v8, _v12, L"Usage: ");
    MessageBoxW(0, E004072B8(_v8), L"Host", 0);
    _pop(_t34);
     *[fs:eax] = _t34;
    E004066B8( &_v16, 3);
    return 0;
}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00404844: GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 00404868
                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,Host,00000000), ref: 0044DF8C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileMessageModuleName
                                                                                                                                                • String ID: Host$Usage:
                                                                                                                                                • API String ID: 3425244467-3988290099
                                                                                                                                                • Opcode ID: 4f8f2f27a05abcf9c2918ded1fa91444e2f0c36f217527477f04cef9f6852ed1
                                                                                                                                                • Instruction ID: 9564ca235332580de59704b676867ee861e5f14ad262926aa16c1aef51b55e22
                                                                                                                                                • Opcode Fuzzy Hash: 4f8f2f27a05abcf9c2918ded1fa91444e2f0c36f217527477f04cef9f6852ed1
                                                                                                                                                • Instruction Fuzzy Hash: 7C01F731B04208BFE710EA91DC52F9EB7ACDB85714F60447BF901A72C0C5786A18C669
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0041FDA4() {
                                                                                                                                                				void* __ebx;
                                                                                                                                                				struct HINSTANCE__* _t1;
                                                                                                                                                				void* _t4;
                                                                                                                                                
                                                                                                                                                				_t1 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                				_t3 = _t1;
                                                                                                                                                				if(_t1 != 0) {
                                                                                                                                                					_t1 = E0040A8C4(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
                                                                                                                                                					 *0x457f28 = _t1;
                                                                                                                                                				}
                                                                                                                                                				if( *0x457f28 == 0) {
                                                                                                                                                					 *0x457f28 = E00419CF4;
                                                                                                                                                					return E00419CF4;
                                                                                                                                                				}
                                                                                                                                                				return _t1;
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,0045633F,00000000,00456365), ref: 0041FDAA
                                                                                                                                                  • Part of subcall function 0040A8C4: GetProcAddress.KERNEL32(?,?), ref: 0040A8E8
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000001.00000002.407890365.0000000000412000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000001.00000002.407814853.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407834625.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407866406.000000000040D000.00000020.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407942394.0000000000457000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407962431.000000000045D000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.407980888.0000000000460000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408008337.0000000000461000.00000008.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408040014.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 00000001.00000002.408057289.000000000046E000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_Mes_Drivers_3.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                                                                                                • API String ID: 1646373207-1127948838
                                                                                                                                                • Opcode ID: 0b3a606038b328406dc74f3cc23160753029376674eff30f24c53e40434d247e
                                                                                                                                                • Instruction ID: afe081b95e3e5f968adbc578c3e2cf1d6d7254a913b0af528e6dfd0b35c9c040
                                                                                                                                                • Opcode Fuzzy Hash: 0b3a606038b328406dc74f3cc23160753029376674eff30f24c53e40434d247e
                                                                                                                                                • Instruction Fuzzy Hash: 50D0C7726543455FDB00EBA57CD677921949714716F20443BE102652D3E67CC8DE871D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:4%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:1567
                                                                                                                                                Total number of Limit Nodes:57

                                                                                                                                                Graph

12 API calls 6158->6160 6161 4058f8 6159->6161 6162 4058ed 6159->6162 6163 4058f6 6160->6163 6171 407b4c 6161->6171 6168 40a798 6162->6168 6166 40590b 6167 40a798 13 API calls 6166->6167 6167->6163 6175 40a708 6168->6175 6172 407b64 6171->6172 6200 407098 6172->6200 6174 407b7d 6174->6166 6176 406f48 12 API calls 6175->6176 6177 40a729 6176->6177 6178 40a774 6177->6178 6179 407d14 12 API calls 6177->6179 6180 406f48 12 API calls 6178->6180 6181 40a73b 6179->6181 6182 40a789 6180->6182 6191 40a40c 6181->6191 6182->6163 6185 40a762 6188 406f48 12 API calls 6185->6188 6186 40a755 6187 407d14 12 API calls 6186->6187 6189 40a760 6187->6189 6188->6189 6190 407328 12 API calls 6189->6190 6190->6178 6192 40a421 6191->6192 6193 40a43e 6191->6193 6194 40a47c 6192->6194 6196 40a429 6192->6196 6193->6185 6193->6186 6199 40a840 MultiByteToWideChar 6194->6199 6198 40a840 MultiByteToWideChar 6196->6198 6198->6193 6199->6193 6203 40706c 6200->6203 6204 407078 6203->6204 6207 40a818 WideCharToMultiByte 6204->6207 6206 407091 6206->6174 6207->6206 6208 40b0c6 CloseHandle 6209 40b8ca GetErrorInfo 6989 40b2ca GetVersionExW 6210 40b0ce CompareStringW 6211 40b8d2 CreateErrorInfo 6994 40b2d2 IsValidLocale 6212 40a8d4 6213 40a946 6212->6213 6214 40a8ed 6212->6214 6215 404d5c 12 API calls 6214->6215 6216 40a8f7 6215->6216 6217 404d5c 12 API calls 6216->6217 6218 40a901 6217->6218 6219 404d5c 12 API calls 6218->6219 6220 40a90b 6219->6220 6232 409144 6220->6232 6222 40a910 6223 40a923 6222->6223 6224 4044e8 12 API calls 6222->6224 6234 404460 6223->6234 6224->6223 6227 406f6c 12 API calls 6228 40a932 6227->6228 6229 406f6c 12 API calls 6228->6229 6230 40a93c 6229->6230 6231 406f6c 12 API calls 6230->6231 6231->6213 6233 409149 RtlDeleteCriticalSection 6232->6233 6233->6222 6235 404469 CloseHandle 6234->6235 6236 40447b 6234->6236 6235->6236 6237 404489 6236->6237 6243 403e44 6236->6243 6238 404492 VirtualFree 6237->6238 6239 4044ab 6237->6239 6238->6239 6241 4043b0 2 API calls 6239->6241 
6242 4044b0 6241->6242 6242->6227 6248 403e4d 6243->6248 6244 403f82 6246 40423d 6244->6246 6251 404224 MessageBoxA 6244->6251 6245 403f2f 6245->6244 6247 403c30 3 API calls 6245->6247 6246->6237 6247->6245 6248->6245 6252 403c88 6248->6252 6257 403c30 6248->6257 6251->6246 6256 403cbd 6252->6256 6253 403e3b 6253->6248 6254 403c30 3 API calls 6254->6256 6256->6253 6256->6254 6261 403b54 6256->6261 6258 403c41 6257->6258 6260 403c46 6257->6260 6278 403b7c 6258->6278 6260->6248 6264 403ad4 6261->6264 6265 403ae6 6264->6265 6273 403b3e 6264->6273 6274 403a5c 6265->6274 6268 403a5c VirtualQuery 6269 403b07 6268->6269 6270 403a5c VirtualQuery 6269->6270 6269->6273 6271 403b2b 6270->6271 6272 403ad4 VirtualQuery 6271->6272 6271->6273 6272->6273 6273->6256 6275 403a6a 6274->6275 6277 403a9f 6274->6277 6276 403a88 VirtualQuery 6275->6276 6275->6277 6276->6277 6277->6268 6277->6273 6279 403bc2 6278->6279 6282 403b85 6278->6282 6280 403be3 6279->6280 6281 403bcb VirtualAlloc 6279->6281 6280->6260 6281->6280 6282->6279 6283 403b90 Sleep 6282->6283 6284 403ba9 Sleep 6282->6284 6283->6282 6284->6282 6286 4060da 6293 405e30 6286->6293 6294 405e40 6293->6294 6295 405e39 6293->6295 6297 40616c 6294->6297 6296 404608 12 API calls 6295->6296 6296->6294 6298 406174 6297->6298 6299 4060eb 6298->6299 6308 405e5c 6298->6308 6303 406090 6299->6303 6301 406181 6301->6299 6302 4044e8 12 API calls 6301->6302 6302->6299 6332 405e44 GetCurrentThreadId 6303->6332 6305 40609b 6307 4060ca 6305->6307 6336 4060f4 6305->6336 6309 405e65 6308->6309 6310 405e6a 6308->6310 6318 405d34 GetModuleHandleW GetProcAddress 6309->6318 6312 405e8a 6310->6312 6313 405e7f 6310->6313 6314 4044b4 12 API calls 6312->6314 6327 4044b4 6313->6327 6316 405e94 6314->6316 6316->6301 6317 405e89 6317->6301 6319 405db2 6318->6319 6320 405d5d 6318->6320 6319->6310 6320->6319 6321 405d6c GetLastError 6320->6321 6321->6319 6322 405d76 6321->6322 6323 4044cc 12 API calls 6322->6323 6324 405d7e 6323->6324 6324->6319 6325 4044e8 
12 API calls 6324->6325 6326 405ddf 6325->6326 6326->6310 6328 4044c2 6327->6328 6329 4044b8 6327->6329 6328->6317 6329->6328 6330 4045bc 12 API calls 6329->6330 6331 40461b 6330->6331 6331->6317 6333 405e51 6332->6333 6334 405e58 6332->6334 6335 404608 12 API calls 6333->6335 6334->6305 6335->6334 6337 406152 6336->6337 6338 406106 6336->6338 6337->6307 6338->6337 6339 406139 Sleep 6338->6339 6339->6338 6999 40b2da LoadLibraryW 7000 405edc 7001 405e30 12 API calls 7000->7001 7002 405ee7 7001->7002 7003 40616c 15 API calls 7002->7003 7004 405eee 7003->7004 7007 405ef8 7004->7007 7010 405f06 7007->7010 7009 405ef5 7010->7009 7011 405f2f GetTickCount 7010->7011 7012 405f41 GetTickCount 7010->7012 7013 405f9b GetTickCount 7010->7013 7014 405fd5 GetTickCount 7010->7014 7016 405f74 GetCurrentThreadId 7010->7016 7021 4061a8 GetCurrentThreadId 7010->7021 7011->7010 7012->7009 7012->7010 7013->7009 7013->7010 7015 4060f4 Sleep 7014->7015 7019 405fe5 7015->7019 7016->7009 7017 405fff GetTickCount 7017->7019 7018 40606f 7018->7009 7020 406075 GetCurrentThreadId 7018->7020 7019->7014 7019->7017 7019->7018 7020->7009 7022 4061b5 7021->7022 7023 4061bc 7021->7023 7022->7010 7024 4061e6 7023->7024 7025 4061d3 GetCurrentThreadId 7023->7025 7024->7010 7025->7024 7026 40b2e2 LoadResource 6340 4038ea 6343 403058 6340->6343 6342 4038f8 6344 403070 6343->6344 6345 4032b8 6343->6345 6346 403082 6344->6346 6358 40310d Sleep 6344->6358 6347 4033d0 6345->6347 6348 40327c 6345->6348 6349 403091 6346->6349 6356 403170 6346->6356 6360 403151 Sleep 6346->6360 6350 402e00 VirtualAlloc 6347->6350 6351 4033d9 6347->6351 6353 403296 Sleep 6348->6353 6355 4032d6 6348->6355 6349->6342 6352 402e2b 6350->6352 6359 402e3b 6350->6359 6351->6342 6354 402db8 2 API calls 6352->6354 6353->6355 6357 4032ac Sleep 6353->6357 6354->6359 6361 402d40 VirtualAlloc 6355->6361 6364 4032f4 6355->6364 6365 402d40 VirtualAlloc 6356->6365 6366 40317c 6356->6366 6357->6348 6358->6346 6362 403123 Sleep 6358->6362 
6359->6342 6360->6356 6363 403167 Sleep 6360->6363 6361->6364 6362->6344 6363->6346 6364->6342 6365->6366 6366->6342 7027 40b2ea LocalFree 7036 40b2f2 LockResource 6367 4068f6 6368 406909 6367->6368 6370 40696a 6367->6370 6369 406912 UnhandledExceptionFilter 6368->6369 6371 406858 6368->6371 6369->6370 6369->6371 6371->6370 6372 4045b0 12 API calls 6371->6372 6373 4068f2 6372->6373 6374 40b0f6 CreateFileW 7037 40b2fa ReadFile 6375 40b0fe DeleteFileW 6376 40b081 6377 40b088 6376->6377 6378 40b08d 6376->6378 6380 40af60 6377->6380 6383 40ad98 6380->6383 6386 40adad 6383->6386 6384 40ae9c 6384->6378 6385 40ae60 FreeLibrary 6385->6386 6386->6384 6386->6385 6387 40ae7d LocalFree 6386->6387 6387->6386 6388 404882 6389 404874 6388->6389 6390 406f48 12 API calls 6389->6390 6391 40487c 6390->6391 6392 402882 SetThreadLocale 6393 40b882 CreateBindCtx 6394 40b482 GetVersionExW 6395 40b49b 6394->6395 7042 406686 7043 406699 7042->7043 7045 4066c8 7042->7045 7044 4066b9 UnhandledExceptionFilter 7043->7044 7043->7045 7044->7045 6396 40488c 6397 406f48 12 API calls 6396->6397 6398 4048a0 6397->6398 6399 4048c2 GetCommandLineW 6398->6399 6400 4048a4 GetModuleFileNameW 6398->6400 6404 4048c9 6399->6404 6401 4070d0 12 API calls 6400->6401 6403 4048c0 6401->6403 6402 404770 12 API calls 6402->6404 6404->6402 6404->6403 6405 40b88d SafeArrayGetUBound 7056 404a90 7059 404aac 7056->7059 7057 404b04 7064 404b47 GetStdHandle 7057->7064 7065 404b29 GetStdHandle 7057->7065 7058 404ba8 CreateFileW 7060 404bca GetLastError 7058->7060 7061 404bdc 7058->7061 7059->7057 7059->7058 7077 404ab6 7059->7077 7060->7077 7062 404bea GetFileSize 7061->7062 7063 404b95 7061->7063 7066 404c01 7062->7066 7067 404c0f SetFilePointer 7062->7067 7073 404ccc GetFileType 7063->7073 7063->7077 7068 404b50 7064->7068 7065->7068 7088 404a78 7066->7088 7074 404c4a 7067->7074 7075 404c2b ReadFile 7067->7075 7068->7063 7072 404b5e GetFileType 7068->7072 7072->7063 7076 404b6b 7072->7076 7073->7077 7078 404cde 
7073->7078 7079 404a78 2 API calls 7074->7079 7075->7074 7083 404c58 7075->7083 7080 404b73 GetConsoleOutputCP 7076->7080 7081 404b84 GetConsoleCP 7076->7081 7082 404a78 2 API calls 7078->7082 7079->7077 7080->7063 7081->7063 7082->7077 7083->7063 7084 404c7a SetFilePointer 7083->7084 7085 404c90 SetEndOfFile 7084->7085 7086 404c9c 7084->7086 7085->7063 7085->7086 7087 404a78 2 API calls 7086->7087 7087->7077 7091 404a44 CloseHandle 7088->7091 7090 404a82 GetLastError 7090->7077 7091->7090 7098 40b292 GetThreadLocale 6406 408094 6407 4080c2 6406->6407 6408 4081be 6407->6408 6409 4081c0 6407->6409 6413 408108 6407->6413 6411 406f48 12 API calls 6408->6411 6421 4074c4 6409->6421 6412 4081f9 6411->6412 6414 407370 12 API calls 6413->6414 6415 40812b 6413->6415 6414->6415 6416 40706c WideCharToMultiByte 6415->6416 6417 408165 6416->6417 6418 4077d8 12 API calls 6417->6418 6419 408172 6418->6419 6419->6408 6420 40706c WideCharToMultiByte 6419->6420 6420->6408 6422 4074ca 6421->6422 6424 407501 6421->6424 6423 406edc 12 API calls 6422->6423 6422->6424 6425 4074df 6423->6425 6424->6408 6425->6424 6426 4044e8 12 API calls 6425->6426 6426->6424 7099 407294 7102 407200 7099->7102 7103 407224 7102->7103 7104 40721b 7102->7104 7106 40725d 7103->7106 7107 4070b4 MultiByteToWideChar 7103->7107 7105 406f90 SysFreeString 7104->7105 7115 407222 7105->7115 7108 407af8 3 API calls 7106->7108 7109 407246 7107->7109 7110 407269 7108->7110 7109->7106 7112 40724c 7109->7112 7111 4070b4 MultiByteToWideChar 7110->7111 7113 40727a 7111->7113 7114 407100 4 API calls 7112->7114 7116 407af8 3 API calls 7113->7116 7114->7115 7116->7115 6427 40b89a SafeArrayGetLBound 6428 40a49a 6429 406f6c 12 API calls 6428->6429 6430 40a4c5 6429->6430 6431 4077d8 12 API calls 6430->6431 6443 40a53f 6430->6443 6434 40a4ed 6431->6434 6432 406f6c 12 API calls 6433 40a569 6432->6433 6435 40a36c WideCharToMultiByte 6434->6435 6436 40a514 6435->6436 6437 40a51a 6436->6437 6438 40a52c 6436->6438 6439 4077d8 12 API 
calls 6437->6439 6440 406f6c 12 API calls 6438->6440 6441 40a52a 6439->6441 6440->6441 6444 4073cc 6441->6444 6443->6432 6445 4073d0 6444->6445 6448 4073e4 6444->6448 6447 406edc 12 API calls 6445->6447 6445->6448 6446 407412 6446->6443 6447->6448 6448->6446 6449 4044e8 12 API calls 6448->6449 6449->6446 7117 40b29a GetTickCount 6450 407c9c 6451 407cb0 6450->6451 6452 407098 WideCharToMultiByte 6451->6452 6453 407cca 6451->6453 6452->6453 6454 40b8a2 SafeArrayGetElement 7124 40b2a2 GetUserDefaultLCID 6455 40b0a3 RegCloseKey 7125 4072a4 7126 4072c7 7125->7126 7127 4072be 7125->7127 7129 40706c WideCharToMultiByte 7126->7129 7128 406f6c 12 API calls 7127->7128 7137 4072c5 7128->7137 7130 4072e7 7129->7130 7131 4077d8 12 API calls 7130->7131 7132 4072f4 7131->7132 7133 407316 7132->7133 7134 4072f8 7132->7134 7136 406f6c 12 API calls 7133->7136 7135 40706c WideCharToMultiByte 7134->7135 7135->7137 7136->7137 6456 405ca5 6461 4062f4 6456->6461 6457 4063d5 6458 406393 UnhandledExceptionFilter 6458->6457 6459 40636d 6458->6459 6460 40aa20 12 API calls 6459->6460 6460->6457 6461->6457 6462 406378 6461->6462 6463 406358 UnhandledExceptionFilter 6461->6463 6462->6458 6462->6459 6463->6457 6463->6459 7138 40aea8 7139 40af4f 7138->7139 7140 40aece 7138->7140 7140->7139 7142 40aab8 7140->7142 7143 40aab9 7142->7143 7144 40ab54 RaiseException 7143->7144 7150 40ab7c 7143->7150 7148 40abe9 7144->7148 7145 40ac11 LoadLibraryA 7146 40ac1c 7145->7146 7151 40ac20 GetLastError 7146->7151 7152 40ac6b 7146->7152 7147 40ad1b 7147->7148 7149 40ad1f GetLastError 7147->7149 7148->7140 7154 40ad30 7149->7154 7150->7145 7150->7146 7150->7148 7161 40ac8f 7150->7161 7155 40ac31 7151->7155 7158 40ac79 7152->7158 7159 40acac FreeLibrary 7152->7159 7153 40ad0f GetProcAddress 7153->7147 7154->7148 7156 40ad42 RaiseException 7154->7156 7155->7152 7157 40ac43 RaiseException 7155->7157 7156->7148 7157->7148 7160 40ac7f LocalAlloc 7158->7160 7158->7161 7159->7161 7160->7161 7161->7147 7161->7148 
7161->7153 6470 40b8aa LoadTypeLibEx 6471 405caa 6473 405cb5 6471->6473 6475 4067bc 6473->6475 6474 405cc8 6476 40aa20 12 API calls 6475->6476 6477 4067cc 6476->6477 6477->6474 7162 407aaa 7163 407ab7 7162->7163 7164 407100 4 API calls 7163->7164 7165 407aef 7164->7165 6488 40b0ae RegCreateKeyExW 6489 40b8b2 RegisterTypeLib 6490 40b0b6 RegDeleteKeyW 7170 40a2b6 7171 40a2c1 7170->7171 7172 40a2ba 7170->7172 7173 404608 12 API calls 7172->7173 7173->7171 7174 40aab9 7175 40aae3 7174->7175 7176 40ab54 RaiseException 7175->7176 7177 40ab7c 7175->7177 7193 40abe9 7176->7193 7178 40ac11 LoadLibraryA 7177->7178 7179 40ac1c 7177->7179 7184 40ac8f 7177->7184 7177->7193 7178->7179 7182 40ac20 GetLastError 7179->7182 7183 40ac6b 7179->7183 7180 40ad1b 7181 40ad1f GetLastError 7180->7181 7180->7193 7186 40ad30 7181->7186 7187 40ac31 7182->7187 7190 40ac79 7183->7190 7191 40acac FreeLibrary 7183->7191 7184->7180 7185 40ad0f GetProcAddress 7184->7185 7184->7193 7185->7180 7188 40ad42 RaiseException 7186->7188 7186->7193 7187->7183 7189 40ac43 RaiseException 7187->7189 7188->7193 7189->7193 7190->7184 7192 40ac7f LocalAlloc 7190->7192 7191->7184 7192->7184 6497 40b8ba DispGetIDsOfNames 6498 40a0be 6501 40a0e8 6498->6501 6502 40a0f8 6501->6502 6506 40a119 6501->6506 6503 40a0ff 6502->6503 6502->6506 6505 4044e8 12 API calls 6503->6505 6504 40a0c5 6505->6504 6506->6504 6507 4044e8 12 API calls 6506->6507 6507->6504 6508 40b0be RegSetValueExW 7194 4056be 7199 405770 7194->7199 7197 4044e8 12 API calls 7198 4056d1 7197->7198 7200 405776 7199->7200 7201 4082d4 14 API calls 7200->7201 7202 40578d 7200->7202 7201->7200 7205 405e98 7202->7205 7206 405e9d 7205->7206 7207 4056ca 7206->7207 7209 405eb0 7206->7209 7207->7197 7210 405ebd 7209->7210 7211 4044e8 12 API calls 7210->7211 7212 405ed6 7211->7212 7212->7207 6509 406d40 6510 406d5f 6509->6510 6515 406d69 6509->6515 6512 406cb0 5 API calls 6510->6512 6511 406d79 GetCurrentThreadId 6513 406d86 6511->6513 6512->6515 6514 404570 12 API 
calls 6513->6514 6516 406dcd 6514->6516 6515->6511 6515->6513 6517 404570 12 API calls 6516->6517 6518 406de5 6516->6518 6517->6516 6519 406e19 FreeLibrary 6518->6519 6522 406e1f 6518->6522 6519->6522 6520 406e5b 6521 406e50 ExitProcess 6522->6520 6522->6521 7213 40b342 VirtualAlloc 6523 404d44 6524 404cfc 12 API calls 6523->6524 6525 404d4c 6524->6525 6526 40b146 InterlockedExchange 6527 409149 RtlDeleteCriticalSection 7218 40b34a VirtualFree 7219 40674a 7220 406750 7219->7220 7222 40675a 7219->7222 7221 406e80 12 API calls 7220->7221 7221->7222 7224 406798 7222->7224 7225 4045a4 7222->7225 7226 40aa20 12 API calls 7225->7226 7227 4045a9 7226->7227 7227->7224 6528 40b14e InterlockedExchangeAdd 6529 404550 6530 40aa20 12 API calls 6529->6530 6531 404555 6530->6531 6532 40456d 6531->6532 6533 40aa20 12 API calls 6531->6533 6534 404563 6533->6534 7228 40b352 VirtualQuery 6535 40b156 InterlockedIncrement 7232 40b35a VirtualQueryEx 6536 40b15e FreeResource 7233 40b362 WaitForSingleObject 7234 402762 7235 402764 GetStdHandle 7234->7235 6537 405964 6538 40598c 6537->6538 6539 405975 6537->6539 6539->6538 6540 4045bc 12 API calls 6539->6540 6540->6538 7236 405b6a 7237 40a578 WideCharToMultiByte 7236->7237 7238 405b81 7237->7238 7241 405ae8 7238->7241 7242 405af3 7241->7242 7244 405b1c 7242->7244 7245 405a70 MultiByteToWideChar MultiByteToWideChar CompareStringW 7242->7245 7245->7242 7246 40b36a WideCharToMultiByte 6542 40b16e GetCPInfo 7247 40b372 WriteFile 6547 40b176 GetCPInfoExW 6548 40b17e GetCurrentProcess 5401 407100 5402 406f90 5401->5402 5403 407108 SysAllocStringLen 5401->5403 5404 406fa4 5402->5404 5405 406f96 SysFreeString 5402->5405 5406 406f28 5403->5406 5407 407119 SysFreeString 5403->5407 5405->5404 5408 407052 SysAllocStringLen 5406->5408 5409 407068 5406->5409 5408->5406 5408->5409 7254 40b302 RemoveDirectoryW 6557 40b106 EnumCalendarInfoW 6558 405d08 6559 405d12 6558->6559 6560 4067bc 12 API calls 6559->6560 6561 405d17 6560->6561 6562 405d1c 6561->6562 
6564 406810 6561->6564 6565 40aa20 12 API calls 6564->6565 6566 406815 6565->6566 7259 402f08 7260 402f2c VirtualQuery 7259->7260 7261 40300d 7259->7261 7265 402fd5 7260->7265 7266 402f65 7260->7266 7262 402fbe 7261->7262 7264 403058 10 API calls 7261->7264 7269 403024 7264->7269 7267 403058 10 API calls 7265->7267 7266->7265 7268 402f92 VirtualAlloc 7266->7268 7272 402fdc 7267->7272 7268->7265 7270 402fa8 VirtualAlloc 7268->7270 7269->7262 7271 4033dc 10 API calls 7269->7271 7270->7262 7270->7265 7271->7262 7272->7262 7273 4033dc 10 API calls 7272->7273 7273->7262 7274 409b09 7275 409aec 7274->7275 7276 409afa RegCloseKey 7275->7276 7277 4044e8 12 API calls 7275->7277 7277->7276 7278 40b30a ResetEvent 6567 40b10e EnumSystemLocalesW 7279 414f10 7280 414f1e 7279->7280 7281 415326 7280->7281 7282 408324 14 API calls 7280->7282 7282->7281 7283 40b312 SetEndOfFile 6568 40b116 FindClose 7284 40b31a SetErrorMode 6569 40b11e FindFirstFileW 7285 40b322 SetEvent 6574 40b126 FindResourceW 7290 406f26 7291 406f28 7290->7291 7292 407052 SysAllocStringLen 7291->7292 7293 407068 7291->7293 7292->7291 7292->7293 6575 407928 6576 40793d 6575->6576 6577 40799c 6576->6577 6581 406f30 6576->6581 6579 40796c 6587 407868 6579->6587 6582 406f44 6581->6582 6583 406f34 SysAllocStringLen 6581->6583 6582->6579 6583->6582 6584 406f28 6583->6584 6585 407052 SysAllocStringLen 6584->6585 6586 407068 6584->6586 6585->6584 6585->6586 6586->6579 6588 407874 6587->6588 6589 40786e SysFreeString 6587->6589 6588->6577 6589->6588 7294 40b32a SetFilePointer 6590 408d2c 6593 408b90 6590->6593 6594 408bc9 6593->6594 6595 404500 12 API calls 6594->6595 6597 408c5a 6595->6597 6596 408d1d 6597->6596 6598 408b90 12 API calls 6597->6598 6598->6596 6599 40b12e FormatMessageW 7295 40772e 7296 407734 7295->7296 7297 407781 7295->7297 7298 40773e 7296->7298 7299 4073cc 7296->7299 7298->7297 7301 407772 7298->7301 7302 407757 7298->7302 7305 406edc 12 API calls 7299->7305 7306 4073e4 7299->7306 7300 407412 7303 
4077d8 12 API calls 7301->7303 7304 4077d8 12 API calls 7302->7304 7308 407760 7303->7308 7304->7308 7305->7306 7306->7300 7307 4044e8 12 API calls 7306->7307 7307->7300 7309 40b332 SetLastError 7314 40b33a SizeofResource 6614 40293c GetStartupInfoW 6615 402959 6614->6615 6616 40b13e InterlockedDecrement 7318 40b3c2 GetSystemMetrics 6617 4049c6 ReadFile 6618 4049ef GetLastError 6617->6618 6619 4049f9 6617->6619 6618->6619 7319 40b3ca KillTimer 6621 40b1ce GetModuleFileNameW 7320 40b3d2 LoadStringW 6622 4035d4 6623 4035e4 6622->6623 6624 40366c 6622->6624 6627 4035f1 6623->6627 6628 403628 6623->6628 6625 403675 6624->6625 6626 402f08 6624->6626 6629 40368d 6625->6629 6642 40379c 6625->6642 6632 4038e7 6626->6632 6635 402f2c VirtualQuery 6626->6635 6636 40300d 6626->6636 6631 4035fc 6627->6631 6634 403058 10 API calls 6627->6634 6630 403058 10 API calls 6628->6630 6638 4036b0 6629->6638 6643 403774 6629->6643 6664 403694 6629->6664 6653 40363f 6630->6653 6633 403800 6637 403058 10 API calls 6633->6637 6657 403819 6633->6657 6652 403609 6634->6652 6646 402fd5 6635->6646 6647 402f65 6635->6647 6640 402fbe 6636->6640 6644 403058 10 API calls 6636->6644 6660 4038b0 6637->6660 6650 4036f0 Sleep 6638->6650 6638->6664 6639 403665 6642->6633 6649 4037d8 Sleep 6642->6649 6642->6657 6648 403058 10 API calls 6643->6648 6662 403024 6644->6662 6645 403621 6651 403058 10 API calls 6646->6651 6647->6646 6654 402f92 VirtualAlloc 6647->6654 6665 40377d 6648->6665 6649->6633 6655 4037f2 Sleep 6649->6655 6656 403708 Sleep 6650->6656 6650->6664 6668 402fdc 6651->6668 6652->6645 6658 4033dc 10 API calls 6652->6658 6653->6639 6661 4033dc 10 API calls 6653->6661 6654->6646 6663 402fa8 VirtualAlloc 6654->6663 6655->6642 6656->6638 6658->6645 6659 403795 6660->6657 6666 4033dc 10 API calls 6660->6666 6661->6639 6662->6640 6667 4033dc 10 API calls 6662->6667 6663->6640 6663->6646 6665->6659 6669 4033dc 10 API calls 6665->6669 6670 4038d4 6666->6670 6667->6640 6668->6640 6672 4033dc 
6668->6672 6669->6659 6673 4033f1 6672->6673 6674 4034d4 6672->6674 6676 4033f7 6673->6676 6679 40346e Sleep 6673->6679 6675 402e64 6674->6675 6674->6676 6677 4035ce 6675->6677 6680 402db8 2 API calls 6675->6680 6678 403400 6676->6678 6682 4034b2 Sleep 6676->6682 6684 4034e9 6676->6684 6677->6640 6678->6640 6679->6676 6681 403488 Sleep 6679->6681 6683 402e75 6680->6683 6681->6673 6682->6684 6685 4034c8 Sleep 6682->6685 6686 402e8b VirtualFree 6683->6686 6691 402ea5 6683->6691 6688 40350c 6684->6688 6689 403568 VirtualFree 6684->6689 6685->6676 6690 402e9c 6686->6690 6687 402eae VirtualQuery VirtualFree 6687->6690 6687->6691 6688->6640 6689->6640 6690->6640 6691->6687 6691->6690 6692 40b1d6 GetModuleHandleW 7321 40b3da MessageBoxW 5523 4033dc 5524 4033f1 5523->5524 5525 4034d4 5523->5525 5527 4033f7 5524->5527 5530 40346e Sleep 5524->5530 5526 402e64 5525->5526 5525->5527 5528 4035ce 5526->5528 5531 402db8 2 API calls 5526->5531 5529 403400 5527->5529 5533 4034b2 Sleep 5527->5533 5535 4034e9 5527->5535 5530->5527 5532 403488 Sleep 5530->5532 5534 402e75 5531->5534 5532->5524 5533->5535 5536 4034c8 Sleep 5533->5536 5537 402e8b VirtualFree 5534->5537 5542 402ea5 5534->5542 5539 40350c 5535->5539 5540 403568 VirtualFree 5535->5540 5536->5527 5541 402e9c 5537->5541 5538 402eae VirtualQuery VirtualFree 5538->5541 5538->5542 5542->5538 5542->5541 7322 40b3e2 PeekMessageW 7323 4027e2 RaiseException 6703 40b1e6 6704 40b20a GetProcAddress 6703->6704 6706 40b215 6703->6706 6705 40b235 6704->6705 6707 406f6c 12 API calls 6705->6707 6709 40b22c GetProcAddress 6706->6709 6708 40b24a 6707->6708 6709->6705 7328 40b3ea PostThreadMessageW 7329 4027ea RtlUnwind 7330 403bee 7331 403b7c 3 API calls 7330->7331 7332 403bf8 7331->7332 7333 40b3f2 RegisterClassW 7334 40b3fa SetTimer 6724 40b186 GetCurrentThreadId 7344 408b88 7345 408d38 14 API calls 7344->7345 7346 408b8d 7345->7346 7347 40278a 7348 40278c SetEndOfFile 7347->7348 6725 40a18c 6726 40a166 6725->6726 6727 406810 12 API calls 
6725->6727 6727->6726 6728 40b18e GetDateFormatW 7353 40b392 CharUpperW 6729 40b196 GetDiskFreeSpaceW 7358 40b39a CharUpperBuffW 6730 40b19e GetFileAttributesW 5410 4073a0 5411 406f90 5410->5411 5412 4073a8 5410->5412 5414 406fa4 5411->5414 5415 406f96 SysFreeString 5411->5415 5412->5411 5413 4073b3 SysReAllocStringLen 5412->5413 5416 4073c3 5413->5416 5417 406f28 5413->5417 5415->5414 5418 407052 SysAllocStringLen 5417->5418 5419 407068 5417->5419 5418->5417 5418->5419 6731 4079a4 6732 4079ba 6731->6732 6733 4079dc 6732->6733 6734 407a0f 6732->6734 6735 406f30 2 API calls 6733->6735 6740 406f90 6734->6740 6738 4079e4 6735->6738 6737 407a0d 6739 407868 SysFreeString 6738->6739 6739->6737 6741 406fa4 6740->6741 6742 406f96 SysFreeString 6740->6742 6741->6737 6742->6741 7359 407fa4 7364 407480 7359->7364 7361 408001 7362 407fb5 7362->7361 7363 407d14 12 API calls 7362->7363 7363->7361 7365 407486 7364->7365 7367 4074bb 7364->7367 7366 406e9c 12 API calls 7365->7366 7365->7367 7368 407497 7366->7368 7367->7362 7368->7367 7369 4044e8 12 API calls 7368->7369 7369->7367 6743 40b1a6 GetFullPathNameW 5543 40a7ac 5545 40a7b4 5543->5545 5544 40a801 5545->5544 5549 408df0 5545->5549 5550 408dff 5549->5550 5551 408e15 LoadStringW 5549->5551 5550->5551 5558 408da8 5550->5558 5553 4070d0 5551->5553 5554 406e9c 12 API calls 5553->5554 5555 4070e0 5554->5555 5556 406f6c 12 API calls 5555->5556 5557 4070fa 5556->5557 5557->5544 5559 408dd4 5558->5559 5560 408db8 GetModuleFileNameW 5558->5560 5559->5551 5562 409fec GetModuleFileNameW 5560->5562 5563 40a03a 5562->5563 5572 409ed0 5563->5572 5565 40a066 5566 40a080 5565->5566 5568 40a078 LoadLibraryExW 5565->5568 5598 406fa8 5566->5598 5568->5566 5573 409ef1 5572->5573 5574 406f48 12 API calls 5573->5574 5575 409f0e 5574->5575 5606 407370 5575->5606 5577 409f4a 5610 409c18 5577->5610 5582 409f71 GetUserDefaultUILanguage 5618 4095c4 RtlEnterCriticalSection 5582->5618 5583 409f62 5584 409d38 14 API calls 5583->5584 5586 409f6f 
5584->5586 5590 406fa8 12 API calls 5586->5590 5592 409fdc 5590->5592 5591 409fb3 5591->5586 5655 409e04 5591->5655 5592->5565 5593 409f99 GetSystemDefaultUILanguage 5594 4095c4 30 API calls 5593->5594 5596 409fa6 5594->5596 5597 409d38 14 API calls 5596->5597 5597->5591 5600 406fae 5598->5600 5599 406fd4 5602 406f48 5599->5602 5600->5599 5601 4044e8 12 API calls 5600->5601 5601->5600 5603 406f69 5602->5603 5604 406f4e 5602->5604 5603->5559 5604->5603 5605 4044e8 12 API calls 5604->5605 5605->5603 5608 407374 5606->5608 5607 407398 5607->5577 5673 407f5c 5607->5673 5608->5607 5677 4044e8 5608->5677 5611 409c3a 5610->5611 5612 409c4c 5610->5612 5691 4098fc 5611->5691 5616 406f48 12 API calls 5612->5616 5614 409c44 5719 409c7c 5614->5719 5617 409c6e 5616->5617 5617->5582 5617->5583 5619 409610 RtlLeaveCriticalSection 5618->5619 5620 4095f0 5618->5620 5621 406f48 12 API calls 5619->5621 5623 409601 RtlLeaveCriticalSection 5620->5623 5622 409621 IsValidLocale 5621->5622 5625 409630 5622->5625 5626 40967f RtlEnterCriticalSection 5622->5626 5624 4096b1 5623->5624 5632 406f48 12 API calls 5624->5632 5628 409644 5625->5628 5629 409639 5625->5629 5797 407ba8 5626->5797 5771 4092ac 5628->5771 5752 4094a8 GetThreadUILanguage 5629->5752 5630 40969c lstrcpynW RtlLeaveCriticalSection 5630->5624 5635 4096c6 5632->5635 5643 409d38 5635->5643 5637 409657 5638 409668 GetSystemDefaultUILanguage 5637->5638 5783 407d94 5637->5783 5640 4092ac 15 API calls 5638->5640 5641 409675 5640->5641 5642 407d94 12 API calls 5641->5642 5642->5626 5644 409d56 5643->5644 5645 406f48 12 API calls 5644->5645 5646 409d73 5645->5646 5647 409dd1 5646->5647 5649 409dd8 5646->5649 5652 407f5c 12 API calls 5646->5652 5863 407dec 5646->5863 5878 409ccc 5646->5878 5648 406f48 12 API calls 5647->5648 5648->5649 5650 406fa8 12 API calls 5649->5650 5651 409df2 5650->5651 5651->5591 5651->5593 5652->5646 5885 40702c 5655->5885 5658 409e54 5659 407dec 12 API calls 5658->5659 5660 409e61 5659->5660 5661 409ccc 14 
API calls 5660->5661 5663 409e68 5661->5663 5662 409ea1 5664 406fa8 12 API calls 5662->5664 5663->5662 5665 407dec 12 API calls 5663->5665 5666 409ebb 5664->5666 5667 409e8f 5665->5667 5668 406f48 12 API calls 5666->5668 5669 409ccc 14 API calls 5667->5669 5670 409ec3 5668->5670 5671 409e96 5669->5671 5670->5586 5671->5662 5672 406f48 12 API calls 5671->5672 5672->5662 5674 407f67 5673->5674 5675 4070d0 12 API calls 5674->5675 5676 407f9d 5675->5676 5676->5577 5678 4044f6 5677->5678 5679 4044ec 5677->5679 5678->5607 5679->5678 5682 4045bc 5679->5682 5683 4045ce 5682->5683 5684 4045e1 5683->5684 5685 40aa20 12 API calls 5683->5685 5688 4045b0 5684->5688 5685->5684 5689 406e74 12 API calls 5688->5689 5690 4045bb 5689->5690 5690->5607 5692 409913 5691->5692 5693 409927 GetModuleFileNameW 5692->5693 5695 40993c 5692->5695 5694 409956 5693->5694 5697 409964 RegOpenKeyExW 5694->5697 5698 409b0b 5694->5698 5696 409949 lstrcpynW 5695->5696 5696->5694 5699 409a25 5697->5699 5700 40998b RegOpenKeyExW 5697->5700 5703 406f48 12 API calls 5698->5703 5725 409708 GetModuleHandleW 5699->5725 5700->5699 5701 4099a9 RegOpenKeyExW 5700->5701 5701->5699 5705 4099c7 RegOpenKeyExW 5701->5705 5704 409b20 5703->5704 5704->5614 5705->5699 5707 4099e5 RegOpenKeyExW 5705->5707 5707->5699 5712 409a03 RegOpenKeyExW 5707->5712 5708 409a61 5742 4044cc 5708->5742 5709 409a94 RegQueryValueExW 5710 409ab0 5709->5710 5711 409a92 5709->5711 5715 4044cc 12 API calls 5710->5715 5717 409afa RegCloseKey 5711->5717 5718 4044e8 12 API calls 5711->5718 5712->5698 5712->5699 5714 409a69 RegQueryValueExW 5714->5711 5716 409ab8 RegQueryValueExW 5715->5716 5716->5711 5717->5614 5718->5717 5720 409c89 5719->5720 5722 409c93 5719->5722 5721 4044e8 12 API calls 5720->5721 5721->5722 5723 4044cc 12 API calls 5722->5723 5724 409cae 5722->5724 5723->5724 5724->5612 5726 409770 5725->5726 5727 409730 GetProcAddress 5725->5727 5729 4098c2 RegQueryValueExW 5726->5729 5737 4097a6 5726->5737 5748 4096e4 5726->5748 

Executed Functions

Control-flow Graph

C-Code - Quality: 73%
E00409E04(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
	char _v8;
	short _v12;
	void* _v16;
	char _v20;
	char _v24;
	void* _t29;
	void* _t40;
	intOrPtr* _t44;
	intOrPtr _t55;
	void* _t61;

	_push(__ebx);
	_v24 = 0;
	_v20 = 0;
	_t44 = __edx;
	_v8 = __eax;
	E0040702C(_v8);
	_push(_t61);
	_push(0x409ec4);
	_push( *[fs:eax]);
	 *[fs:eax] = _t61 + 0xffffffec;
	_t21 =  &_v16;
	L00402874();
	GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
	E00407C3C( &_v20, 4,  &_v16);
	E00407DEC(_t44, _v20, _v8);
	_t29 = E00409CCC( *_t44, _t44); // executed
	if(_t29 == 0) {
		_v12 = 0;
		E00407C3C( &_v24, 4,  &_v16);
		E00407DEC(_t44, _v24, _v8);
		_t40 = E00409CCC( *_t44, _t44); // executed
		if(_t40 == 0) {
			E00406F48(_t44);
		}
	}
	_pop(_t55);
	 *[fs:eax] = _t55;
	_push(E00409ECB);
	E00406FA8( &_v24, 2);
	return E00406F48( &_v8);
}

APIs
• GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,00409EC4,?,?), ref: 00409E36
• GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,00409EC4,?,?), ref: 00409E3F
  • Part of subcall function 00409CCC: FindFirstFileW.KERNEL32(00000000,?,00000000,00409D2A,?,00000001), ref: 00409CFF
  • Part of subcall function 00409CCC: FindClose.KERNEL32(00000000,00000000,?,00000000,00409D2A,?,00000001), ref: 00409D0F
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
• String ID:
• API String ID: 3216391948-0
• Opcode ID: ded9c7ac0b999c5325c61e88323c58170cccd6dadc36e87a570d60ef0880be53
• Instruction ID: 65de620f2e74b8c0ce9bff9e180b80b9fcb39b4a329e951541a1473207173095
• Opcode Fuzzy Hash: ded9c7ac0b999c5325c61e88323c58170cccd6dadc36e87a570d60ef0880be53
• Instruction Fuzzy Hash: FC118770A042099BDF00EBA5DD42AAEB3B9EF44304F50447BF904B33D2D778AE05C669
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
C-Code - Quality: 46%
E00409CCC(char __eax, signed int __ebx) {
	char _v8;
	struct _WIN32_FIND_DATAW _v600;
	void* _t15;
	intOrPtr _t24;
	void* _t27;

	_push(__ebx);
	_v8 = __eax;
	E0040702C(_v8);
	_push(_t27);
	_push(0x409d2a);
	_push( *[fs:eax]);
	 *[fs:eax] = _t27 + 0xfffffdac;
	_t15 = FindFirstFileW(E00407BA8(_v8),  &_v600); // executed
	if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
		FindClose(_t15);
	}
	_pop(_t24);
	 *[fs:eax] = _t24;
	_push(E00409D31);
	return E00406F48( &_v8);
}

APIs
• FindFirstFileW.KERNEL32(00000000,?,00000000,00409D2A,?,00000001), ref: 00409CFF
• FindClose.KERNEL32(00000000,00000000,?,00000000,00409D2A,?,00000001), ref: 00409D0F
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 19e8d59d174df1d283add6c95ed35737f83bc25e7cfd383e7118d10e6c61377c
• Instruction ID: daba3004d8ebb30b6a3043d4ada563e9bc72c4e2ae1a488f8d87b610c453e66b
• Opcode Fuzzy Hash: 19e8d59d174df1d283add6c95ed35737f83bc25e7cfd383e7118d10e6c61377c
• Instruction Fuzzy Hash: 3BF0BE31944208BEC711EB75CD1299EB3ACEF8832476005B6B400F35D2EA3CAE009528
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                			E004098FC(char __eax, void* __ebx, void* __edx) {
                                                                                                                                                				char _v8;
                                                                                                                                                				char* _v12;
                                                                                                                                                				void* _v16;
                                                                                                                                                				int _v20;
                                                                                                                                                				short _v542;
                                                                                                                                                				long _t51;
                                                                                                                                                				long _t85;
                                                                                                                                                				long _t87;
                                                                                                                                                				long _t89;
                                                                                                                                                				long _t91;
                                                                                                                                                				long _t93;
                                                                                                                                                				void* _t97;
                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                				void* _t109;
                                                                                                                                                				void* _t110;
                                                                                                                                                				intOrPtr _t111;
                                                                                                                                                
                                                                                                                                                				_t109 = _t110;
                                                                                                                                                				_t111 = _t110 + 0xfffffde4;
                                                                                                                                                				_t97 = __edx;
                                                                                                                                                				_v8 = __eax;
                                                                                                                                                				E0040702C(_v8);
                                                                                                                                                				_push(_t109);
                                                                                                                                                				_push(0x409b21);
                                                                                                                                                				_push( *[fs:eax]);
                                                                                                                                                				 *[fs:eax] = _t111;
                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                					lstrcpynW( &_v542, E00407BA8(_v8), 0x105);
                                                                                                                                                				} else {
                                                                                                                                                					GetModuleFileNameW(0,  &_v542, 0x105);
                                                                                                                                                				}
                                                                                                                                                				if(_v542 == 0) {
                                                                                                                                                					L18:
                                                                                                                                                					_pop(_t103);
                                                                                                                                                					 *[fs:eax] = _t103;
                                                                                                                                                					_push(E00409B28);
                                                                                                                                                					return E00406F48( &_v8);
                                                                                                                                                				} else {
                                                                                                                                                					_v12 = 0;
                                                                                                                                                					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                					if(_t51 == 0) {
                                                                                                                                                						L10:
                                                                                                                                                						_push(_t109);
                                                                                                                                                						_push(0x409b04);
                                                                                                                                                						_push( *[fs:eax]);
                                                                                                                                                						 *[fs:eax] = _t111;
                                                                                                                                                						E00409708( &_v542, 0x105);
                                                                                                                                                						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
                                                                                                                                                							if(RegQueryValueExW(_v16, 0x409c14, 0, 0, 0,  &_v20) == 0) {
                                                                                                                                                								_v12 = E004044CC(_v20);
                                                                                                                                                								RegQueryValueExW(_v16, 0x409c14, 0, 0, _v12,  &_v20);
                                                                                                                                                								E00407C00(_t97, _v12);
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							_v12 = E004044CC(_v20);
                                                                                                                                                							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
                                                                                                                                                							E00407C00(_t97, _v12);
                                                                                                                                                						}
                                                                                                                                                						_pop(_t105);
                                                                                                                                                						 *[fs:eax] = _t105;
                                                                                                                                                						_push(0x409b0b);
                                                                                                                                                						if(_v12 != 0) {
                                                                                                                                                							E004044E8(_v12);
                                                                                                                                                						}
                                                                                                                                                						return RegCloseKey(_v16);
                                                                                                                                                					} else {
                                                                                                                                                						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                						if(_t85 == 0) {
                                                                                                                                                							goto L10;
                                                                                                                                                						} else {
                                                                                                                                                							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                							if(_t87 == 0) {
                                                                                                                                                								goto L10;
                                                                                                                                                							} else {
                                                                                                                                                								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                								if(_t89 == 0) {
                                                                                                                                                									goto L10;
                                                                                                                                                								} else {
                                                                                                                                                									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                									if(_t91 == 0) {
                                                                                                                                                										goto L10;
                                                                                                                                                									} else {
                                                                                                                                                										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                                                										if(_t93 != 0) {
                                                                                                                                                											goto L18;
                                                                                                                                                										} else {
                                                                                                                                                											goto L10;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                 			}

                                                                                                                                                 [Per-statement address gutter (0x004098fd .. 0x00409b20) from the IDA plugin view omitted: the addresses lost their alignment with the C code during extraction. The statement-to-address mapping for the API calls is preserved under APIs below.]

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,00409B21,?,?), ref: 00409935
                                                                                                                                                • lstrcpynW.KERNEL32(?,00000000,00000105,00000000,00409B21,?,?), ref: 00409951
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409B21,?,?), ref: 0040997E
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409B21), ref: 004099A0
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?), ref: 004099BE
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 004099DC
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 004099FA
                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00409A18
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00409B04,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,?,00000000), ref: 00409A58
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,00409B04,?,80000001), ref: 00409A83
                                                                                                                                                • RegCloseKey.ADVAPI32(?,00409B0B,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,00409B04,?,80000001,Software\Embarcadero\Locales), ref: 00409AFE
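                                                                                                                                                 The trace above records raw DWORD arguments, so the hive handles (80000001, 80000002), the access mask (000F0019) and the VirtualAlloc flags that appear later in the decompiled GetMem (0x101000, 4) have to be decoded before they mean anything for triage. The following script is an added example, not part of the Joe Sandbox report: it parses lines in the report's `Api.Module(args), ref: addr` shape, maps the numeric arguments to the Windows SDK constants (winreg.h, winnt.h, memoryapi.h; the value tables are assumed from those headers), and flags the two things an analyst actually wants out of such a trace: registry opens that carry write rights and VirtualAlloc calls that request executable pages. The first two sample lines are copied from the RegOpenKeyExW calls above; the VirtualAlloc lines are constructed (the first with the arguments the decompiled GetMem passes, the second an RWX request that does not occur in this report).

```python
import re
from typing import Any, Dict, List, Optional

# Windows SDK values (winreg.h / winnt.h / memoryapi.h), assumed here, not taken from the report.
HIVES = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
}
ACCESS_BITS = {  # key-specific rights plus the standard rights
    0x00000001: "KEY_QUERY_VALUE",
    0x00000002: "KEY_SET_VALUE",
    0x00000004: "KEY_CREATE_SUB_KEY",
    0x00000008: "KEY_ENUMERATE_SUB_KEYS",
    0x00000010: "KEY_NOTIFY",
    0x00000020: "KEY_CREATE_LINK",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
KEY_WRITE_BITS = 0x00000002 | 0x00000004  # KEY_SET_VALUE | KEY_CREATE_SUB_KEY
ALLOC_BITS = {
    0x00001000: "MEM_COMMIT",
    0x00002000: "MEM_RESERVE",
    0x00100000: "MEM_TOP_DOWN",
    0x20000000: "MEM_LARGE_PAGES",
}
PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}

# Shape of one trace line: `• Api.Module(arg,arg,...), ref: 0040997E`
LINE_RE = re.compile(r"^\s*•?\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")


def parse_arg(token: str) -> Any:
    """8-hex-digit tokens are DWORDs, '?' is an unresolved value, anything else is a string."""
    token = token.strip()
    if token == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", token):
        return int(token, 16)
    return token


def flag_names(value: int, table: Dict[int, str]) -> List[str]:
    """Expand a bitmask into names; bits the table does not know are kept as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    leftover = value & ~known
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def decode_line(line: str) -> Optional[Dict[str, Any]]:
    m = LINE_RE.match(line)
    if not m:
        return None
    api, module, raw_args, ref = m.groups()
    args = [parse_arg(a) for a in raw_args.split(",")]
    rec: Dict[str, Any] = {"api": api, "module": module, "ref": int(ref, 16), "args": args}
    if api in ("RegOpenKeyExW", "RegOpenKeyExA") and len(args) >= 4:
        hive, subkey, _options, sam = args[:4]  # only the first four are real parameters; the rest is stack context
        rec["hive"] = HIVES.get(hive, f"0x{hive:08X}") if isinstance(hive, int) else hive
        rec["subkey"] = subkey
        rec["access"] = flag_names(sam, ACCESS_BITS) if isinstance(sam, int) else sam
        rec["writes"] = isinstance(sam, int) and bool(sam & KEY_WRITE_BITS)
    elif api == "VirtualAlloc" and len(args) >= 4:
        _address, size, alloc_type, protect = args[:4]
        rec["size"] = size
        rec["alloc_type"] = flag_names(alloc_type, ALLOC_BITS) if isinstance(alloc_type, int) else alloc_type
        rec["protect"] = PROTECTIONS.get(protect, f"0x{protect:X}") if isinstance(protect, int) else protect
        rec["executable"] = protect in EXECUTABLE_PROTECTIONS
    return rec


def decode_trace(lines: List[str]) -> List[Dict[str, Any]]:
    return [rec for rec in (decode_line(line) for line in lines) if rec is not None]


def registry_writes(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    return [rec for rec in records if rec.get("writes")]


def executable_allocations(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """VirtualAlloc calls that ask for executable pages: the ones worth a second look."""
    return [rec for rec in records if rec.get("executable")]


# Constructed sample trace: lines 1-2 copied from the report's RegOpenKeyExW calls, lines 3-4 constructed
# (line 3 uses the arguments the decompiled GetMem passes; line 4 is an RWX request not seen in this report).
SAMPLE_TRACE = [
    "• RegOpenKeyExW.ADVAPI32(80000001,Software\\Embarcadero\\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409B21,?,?), ref: 0040997E",
    "• RegOpenKeyExW.ADVAPI32(80000002,Software\\Embarcadero\\Locales,00000000,000F0019,?,80000001,Software\\Embarcadero\\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,00409B21), ref: 004099A0",
    "• VirtualAlloc.KERNEL32(00000000,00050000,00101000,00000004), ref: 00402E00",
    "• VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040), ref: 00401000",
]

if __name__ == "__main__":
    for rec in decode_trace(SAMPLE_TRACE):
        print({k: v for k, v in rec.items() if k != "args"})
    print("executable allocations at:", [hex(r["ref"]) for r in executable_allocations(decode_trace(SAMPLE_TRACE))])
```

                                                                                                                                                 Run against the lines above, the decoder shows why the registry activity is not interesting: the sample probes HKEY_CURRENT_USER and then HKEY_LOCAL_MACHINE for Software\Embarcadero\Locales, Software\CodeGear\Locales and Software\Borland\Locales, the Delphi RTL's locale-override lookup that every Delphi-built binary performs at start-up, and the mask 0x000F0019 decodes to KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS and KEY_NOTIFY plus the four standard rights, with no KEY_SET_VALUE or KEY_CREATE_SUB_KEY, so nothing is written and this is not persistence. For the VirtualAlloc seen in the decompiled memory manager, 0x101000 decodes to MEM_COMMIT | MEM_TOP_DOWN and 4 to PAGE_READWRITE, consistent with a heap's large-block path; only a request for an executable protection, like the constructed fourth line, is surfaced by the filter.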
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Open$QueryValue$CloseFileModuleNamelstrcpyn
                                                                                                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                                • API String ID: 512384800-3496071916
                                                                                                                                                • Opcode ID: 1e9b74609b1608ff3bdd422726f6ce104cff35ebff053c77ceb97ea66b5e2667
                                                                                                                                                • Instruction ID: fb289f13ee56ccd2e6aa8b4d377abf4db65de8e90ac3277964fda8f0ede3f15a
                                                                                                                                                • Opcode Fuzzy Hash: 1e9b74609b1608ff3bdd422726f6ce104cff35ebff053c77ceb97ea66b5e2667
                                                                                                                                                • Instruction Fuzzy Hash: 6851F175B40208BEEB11EA95CD46FAE73BCEB08714F50447BB604F61C2D6B8AD44CA69
                                                                                                                                                 Uniqueness
                                                                                                                                                 • Uniqueness Score: -1.00%
                                                                                                                                                 Control-flow Graph
                                                                                                                                                 • Rendered as an image in the report; only the basic-block list survived extraction. Entry block 0x403058, basic blocks spanning 0x402e00-0x4033db. Blocks that call out: VirtualAlloc at 0x402e00-0x402e29, followed by a call to 0x402db8 at 0x402e2b; Sleep at 0x40310d, 0x403123, 0x403151, 0x403167, 0x403296 and 0x4032ac; calls to 0x402d40 at 0x403220 and 0x40334c; calls to 0x402c74 at 0x4031d0 and 0x4033ae.
                                                                                                                                                 C-Code - Quality: 67%
                                                                                                                                                 Note on the listing: the constants identify this function as the Delphi RTL memory manager's GetMem (the FastMM4 size classes: 0xa2c is the largest small-block request, 0x40a2c the largest medium-block request, 0xb30 the smallest medium block, large blocks rounded up to a 64 KiB multiple, and the Sleep(0)/Sleep(0xa) spin on the lock byte at 0x45aa68 is its medium-block lock). Requests above 0x40a2c are served by VirtualAlloc(0, size, 0x101000, 4), that is MEM_COMMIT | MEM_TOP_DOWN with PAGE_READWRITE, which is the call marked `// executed` below; the medium path takes the lock with `lock cmpxchg`, looks up a free bin through the bitmaps at 0x45aa74/0x45aa78 and the bin list at 0x45aaf8, and splits the remainder back into the bins via 0x402c74. Together with the Software\Embarcadero|CodeGear|Borland\Locales registry probes above, this is compiler runtime code rather than sample logic, and because the allocation is read/write only it is not by itself evidence of shellcode staging.
                                                                                                                                                			E00403058(signed int __eax) {
                                                                                                                                                				signed int __ebx;
                                                                                                                                                				signed int __edi;
                                                                                                                                                				signed int __esi;
                                                                                                                                                				void* _t96;
                                                                                                                                                				void** _t99;
                                                                                                                                                				signed int _t104;
                                                                                                                                                				signed int _t109;
                                                                                                                                                				signed int _t110;
                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                				void* _t116;
                                                                                                                                                				void* _t121;
                                                                                                                                                				signed int _t125;
                                                                                                                                                				signed int _t129;
                                                                                                                                                				signed int _t131;
                                                                                                                                                				signed int _t132;
                                                                                                                                                				signed int _t133;
                                                                                                                                                				signed int _t134;
                                                                                                                                                				signed int _t135;
                                                                                                                                                				unsigned int _t140;
                                                                                                                                                				unsigned int _t141;
                                                                                                                                                				signed int _t142;
                                                                                                                                                				void* _t144;
                                                                                                                                                				void* _t147;
                                                                                                                                                				intOrPtr _t148;
                                                                                                                                                				signed int _t150;
                                                                                                                                                				long _t156;
                                                                                                                                                				intOrPtr _t159;
                                                                                                                                                				signed int _t162;
                                                                                                                                                
                                                                                                                                                				_t140 = __eax + 3 >> 3;
                                                                                                                                                				_t129 =  *0x45a059; // 0x1
                                                                                                                                                				if(__eax > 0xa2c) {
                                                                                                                                                					__eflags = __eax - 0x40a2c;
                                                                                                                                                					if(__eax > 0x40a2c) {
                                                                                                                                                						_pop(_t120);
                                                                                                                                                						__eflags = __eax;
                                                                                                                                                						if(__eax >= 0) {
                                                                                                                                                							_push(_t120);
                                                                                                                                                							_t162 = __eax;
                                                                                                                                                							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                                                                							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                                                                                                							_t121 = _t96;
                                                                                                                                                							if(_t121 != 0) {
                                                                                                                                                								_t147 = _t121;
                                                                                                                                                								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                                                                								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                                                                								E00402DB8(_t96, _t140, _t147);
                                                                                                                                                								_t99 =  *0x45cb00; // 0x45cafc
                                                                                                                                                								 *_t147 = 0x45cafc;
                                                                                                                                                								 *0x45cb00 = _t121;
                                                                                                                                                								 *(_t147 + 4) = _t99;
                                                                                                                                                								 *_t99 = _t121;
                                                                                                                                                								 *0x45caf8 = 0;
                                                                                                                                                								_t121 = _t121 + 0x10;
                                                                                                                                                							}
                                                                                                                                                							return _t121;
                                                                                                                                                						} else {
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                                                						__eflags = _t129;
                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                							while(1) {
                                                                                                                                                								asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                									goto L42;
                                                                                                                                                								}
                                                                                                                                                								asm("pause");
                                                                                                                                                								__eflags =  *0x45a909;
                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                									continue;
                                                                                                                                                								} else {
                                                                                                                                                									Sleep(0);
                                                                                                                                                									asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										Sleep(0xa);
                                                                                                                                                										continue;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L42;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						L42:
                                                                                                                                                						_t141 = _t125 - 0xb30;
                                                                                                                                                						_t142 = _t141 >> 0xd;
                                                                                                                                                						_t131 = _t141 >> 8;
                                                                                                                                                						_t104 = 0xffffffff << _t131 &  *(0x45aa78 + _t142 * 4);
                                                                                                                                                						__eflags = 0xffffffff;
                                                                                                                                                						if(0xffffffff == 0) {
                                                                                                                                                							_t132 = _t142;
                                                                                                                                                							__eflags = 0xfffffffe << _t132 &  *0x45aa74;
                                                                                                                                                							if((0xfffffffe << _t132 &  *0x45aa74) == 0) {
                                                                                                                                                								_t133 =  *0x45aa70; // 0x0
                                                                                                                                                								_t134 = _t133 - _t125;
                                                                                                                                                								__eflags = _t134;
                                                                                                                                                								if(_t134 < 0) {
                                                                                                                                                									_t109 = E00402D40(_t125, _t142);
                                                                                                                                                								} else {
                                                                                                                                                									_t110 =  *0x45aa6c; // 0x258fff0
                                                                                                                                                									_t109 = _t110 - _t125;
                                                                                                                                                									 *0x45aa6c = _t109;
                                                                                                                                                									 *0x45aa70 = _t134;
                                                                                                                                                									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                                                                								}
                                                                                                                                                								 *0x45aa68 = 0;
                                                                                                                                                								return _t109;
                                                                                                                                                							} else {
                                                                                                                                                								asm("bsf edx, eax");
                                                                                                                                                								asm("bsf ecx, eax");
                                                                                                                                                								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                                                                								goto L50;
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							asm("bsf eax, eax");
                                                                                                                                                							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                                                                							L50:
                                                                                                                                                							_push(_t152);
                                                                                                                                                							_push(_t145);
                                                                                                                                                							_t148 = 0x45aaf8 + _t135 * 8;
                                                                                                                                                							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                                                                							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                                                                							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                                                                							 *_t114 = _t148;
                                                                                                                                                							__eflags = _t148 - _t114;
                                                                                                                                                							if(_t148 == _t114) {
                                                                                                                                                								asm("rol eax, cl");
                                                                                                                                                								_t80 = 0x45aa78 + _t142 * 4;
                                                                                                                                                								 *_t80 =  *(0x45aa78 + _t142 * 4) & 0xfffffffe;
                                                                                                                                                								__eflags =  *_t80;
                                                                                                                                                								if( *_t80 == 0) {
                                                                                                                                                									asm("btr [0x45aa74], edx");
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                                                                							_t144 = 0xfffffff0 - _t125;
                                                                                                                                                							__eflags = 0xfffffff0;
                                                                                                                                                							if(0xfffffff0 == 0) {
                                                                                                                                                								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                                                                								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                                                                								__eflags =  *_t89;
                                                                                                                                                							} else {
                                                                                                                                                								_t116 = _t125 + _t159;
                                                                                                                                                								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                                                                								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                                                                								__eflags = 0xfffffff0 - 0xb30;
                                                                                                                                                								if(0xfffffff0 >= 0xb30) {
                                                                                                                                                									E00402C74(_t116, 0xfffffffffffffff3, _t144);
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							 *(_t159 - 4) = _t125 + 2;
                                                                                                                                                							 *0x45aa68 = 0;
                                                                                                                                                							return _t159;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					__eflags = __cl;
                                                                                                                                                					__eax =  *(__edx + 0x45a910) & 0x000000ff;
                                                                                                                                                					__ebx = 0x458074 + ( *(__edx + 0x45a910) & 0x000000ff) * 8;
                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                						while(1) {
                                                                                                                                                							__eax = 0x100;
                                                                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                								goto L5;
                                                                                                                                                							}
                                                                                                                                                							__ebx = __ebx + 0x20;
                                                                                                                                                							__eflags = __ebx;
                                                                                                                                                							__eax = 0x100;
                                                                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                                                                							if(__ebx != 0) {
                                                                                                                                                								__ebx = __ebx + 0x20;
                                                                                                                                                								__eflags = __ebx;
                                                                                                                                                								__eax = 0x100;
                                                                                                                                                								asm("lock cmpxchg [ebx], ah");
                                                                                                                                                								if(__ebx != 0) {
                                                                                                                                                									__ebx = __ebx - 0x40;
                                                                                                                                                									asm("pause");
                                                                                                                                                									__eflags =  *0x45a909;
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										continue;
                                                                                                                                                									} else {
                                                                                                                                                										Sleep(0);
                                                                                                                                                										__eax = 0x100;
                                                                                                                                                										asm("lock cmpxchg [ebx], ah");
                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                											Sleep(0xa);
                                                                                                                                                											continue;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							goto L5;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					L5:
                                                                                                                                                					__edx =  *(__ebx + 8);
                                                                                                                                                					__eax =  *(__edx + 0x10);
                                                                                                                                                					__ecx = 0xfffffff8;
                                                                                                                                                					__eflags = __edx - __ebx;
                                                                                                                                                					if(__edx == __ebx) {
                                                                                                                                                						__edx =  *(__ebx + 0x18);
                                                                                                                                                						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                                						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                                                                                                						__eflags = __eax -  *(__ebx + 0x14);
                                                                                                                                                						if(__eax >  *(__ebx + 0x14)) {
                                                                                                                                                							_push(__esi);
                                                                                                                                                							_push(__edi);
                                                                                                                                                							__eflags =  *0x45a059;
                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                								while(1) {
                                                                                                                                                									__eax = 0x100;
                                                                                                                                                									asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                										goto L22;
                                                                                                                                                									}
                                                                                                                                                									asm("pause");
                                                                                                                                                									__eflags =  *0x45a909;
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										continue;
                                                                                                                                                									} else {
                                                                                                                                                										Sleep(0);
                                                                                                                                                										__eax = 0x100;
                                                                                                                                                										asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                											Sleep(0xa);
                                                                                                                                                											continue;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                									goto L22;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							L22:
                                                                                                                                                							 *(__ebx + 1) =  *(__ebx + 1) &  *0x45aa74;
                                                                                                                                                							__eflags =  *(__ebx + 1) &  *0x45aa74;
                                                                                                                                                							if(( *(__ebx + 1) &  *0x45aa74) == 0) {
                                                                                                                                                								__ecx =  *(__ebx + 4) & 0x0000ffff;
                                                                                                                                                								__edi =  *0x45aa70; // 0x0
                                                                                                                                                								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
                                                                                                                                                								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
                                                                                                                                                									__eax =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                                									__edi = __eax;
                                                                                                                                                									__eax = E00402D40(__eax, __edx);
                                                                                                                                                									__esi = __eax;
                                                                                                                                                									__eflags = __eax;
                                                                                                                                                									if(__eax != 0) {
                                                                                                                                                										goto L35;
                                                                                                                                                									} else {
                                                                                                                                                										 *0x45aa68 = __al;
                                                                                                                                                										 *__ebx = __al;
                                                                                                                                                										_pop(__edi);
                                                                                                                                                										_pop(__esi);
                                                                                                                                                										_pop(__ebx);
                                                                                                                                                										return __eax;
                                                                                                                                                									}
                                                                                                                                                								} else {
                                                                                                                                                									__esi =  *0x45aa6c; // 0x258fff0
                                                                                                                                                									__ecx =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                                									__edx = __ecx + 0xb30;
                                                                                                                                                									__eflags = __edi - __ecx + 0xb30;
                                                                                                                                                									if(__edi >= __ecx + 0xb30) {
                                                                                                                                                										__edi = __ecx;
                                                                                                                                                									}
                                                                                                                                                									__esi = __esi - __edi;
                                                                                                                                                									 *0x45aa70 =  *0x45aa70 - __edi;
                                                                                                                                                									 *0x45aa6c = __esi;
                                                                                                                                                									goto L35;
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								asm("bsf eax, esi");
                                                                                                                                                								__esi = __eax * 8;
                                                                                                                                                								__ecx =  *(0x45aa78 + __eax * 4);
                                                                                                                                                								asm("bsf ecx, ecx");
                                                                                                                                                								__ecx =  *(0x45aa78 + __eax * 4) + __eax * 8 * 4;
                                                                                                                                                								__edi = 0x45aaf8 + ( *(0x45aa78 + __eax * 4) + __eax * 8 * 4) * 8;
                                                                                                                                                								__esi =  *(__edi + 4);
                                                                                                                                                								__edx =  *(__esi + 4);
                                                                                                                                                								 *(__edi + 4) = __edx;
                                                                                                                                                								 *__edx = __edi;
                                                                                                                                                								__eflags = __edi - __edx;
                                                                                                                                                								if(__edi == __edx) {
                                                                                                                                                									__edx = 0xfffffffe;
                                                                                                                                                									asm("rol edx, cl");
                                                                                                                                                									_t38 = 0x45aa78 + __eax * 4;
                                                                                                                                                									 *_t38 =  *(0x45aa78 + __eax * 4) & 0xfffffffe;
                                                                                                                                                									__eflags =  *_t38;
                                                                                                                                                									if( *_t38 == 0) {
                                                                                                                                                										asm("btr [0x45aa74], eax");
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								__edi = 0xfffffff0;
                                                                                                                                                								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                                                                                                								__eflags = 0xfffffff0 - 0x10a60;
                                                                                                                                                								if(0xfffffff0 < 0x10a60) {
                                                                                                                                                									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                                                                                                									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                                                                                                									__eflags =  *_t52;
                                                                                                                                                								} else {
                                                                                                                                                									__edx = __edi;
                                                                                                                                                									__edi =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                                                									__edx = __edx - __edi;
                                                                                                                                                									__eax = __edi + __esi;
                                                                                                                                                									__ecx = __edx + 3;
                                                                                                                                                									 *(__eax - 4) = __ecx;
                                                                                                                                                									 *(__edx + __eax - 8) = __edx;
                                                                                                                                                									__eax = E00402C74(__eax, __ecx, __edx);
                                                                                                                                                								}
                                                                                                                                                								L35:
                                                                                                                                                								_t56 = __edi + 6; // 0x6
                                                                                                                                                								__ecx = _t56;
                                                                                                                                                								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x45aa68 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x2590010
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}
                                                                                                                                                0x004030af
                                                                                                                                                0x004030b1
                                                                                                                                                0x004030b4
                                                                                                                                                0x0040312c
                                                                                                                                                0x0040312d
                                                                                                                                                0x0040312e
                                                                                                                                                0x00403135
                                                                                                                                                0x00403137
                                                                                                                                                0x00403137
                                                                                                                                                0x0040313c
                                                                                                                                                0x00403144
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403146
                                                                                                                                                0x00403148
                                                                                                                                                0x0040314f
                                                                                                                                                0x00000000
                                                                                                                                                0x00403151
                                                                                                                                                0x00403153
                                                                                                                                                0x00403158
                                                                                                                                                0x0040315d
                                                                                                                                                0x00403165
                                                                                                                                                0x00403169
                                                                                                                                                0x00000000
                                                                                                                                                0x00403169
                                                                                                                                                0x00403165
                                                                                                                                                0x00000000
                                                                                                                                                0x0040314f
                                                                                                                                                0x00403137
                                                                                                                                                0x00403170
                                                                                                                                                0x00403174
                                                                                                                                                0x00403174
                                                                                                                                                0x0040317a
                                                                                                                                                0x004031ec
                                                                                                                                                0x004031f0
                                                                                                                                                0x004031f6
                                                                                                                                                0x004031f8
                                                                                                                                                0x00403220
                                                                                                                                                0x00403224
                                                                                                                                                0x00403226
                                                                                                                                                0x0040322b
                                                                                                                                                0x0040322d
                                                                                                                                                0x0040322f
                                                                                                                                                0x00000000
                                                                                                                                                0x00403231
                                                                                                                                                0x00403231
                                                                                                                                                0x00403236
                                                                                                                                                0x00403238
                                                                                                                                                0x00403239
                                                                                                                                                0x0040323a
                                                                                                                                                0x0040323b
                                                                                                                                                0x0040323b
                                                                                                                                                0x004031fa
                                                                                                                                                0x004031fa
                                                                                                                                                0x00403200
                                                                                                                                                0x00403204
                                                                                                                                                0x0040320a
                                                                                                                                                0x0040320c
                                                                                                                                                0x0040320e
                                                                                                                                                0x0040320e
                                                                                                                                                0x00403210
                                                                                                                                                0x00403212
                                                                                                                                                0x00403218
                                                                                                                                                0x00000000
                                                                                                                                                0x00403218
                                                                                                                                                0x0040317c
                                                                                                                                                0x0040317c
                                                                                                                                                0x0040317f
                                                                                                                                                0x00403186
                                                                                                                                                0x0040318d
                                                                                                                                                0x00403190
                                                                                                                                                0x00403193
                                                                                                                                                0x0040319a
                                                                                                                                                0x0040319d
                                                                                                                                                0x004031a0
                                                                                                                                                0x004031a3
                                                                                                                                                0x004031a5
                                                                                                                                                0x004031a7
                                                                                                                                                0x004031a9
                                                                                                                                                0x004031ae
                                                                                                                                                0x004031b0
                                                                                                                                                0x004031b0
                                                                                                                                                0x004031b0
                                                                                                                                                0x004031b7
                                                                                                                                                0x004031b9
                                                                                                                                                0x004031b9
                                                                                                                                                0x004031b7
                                                                                                                                                0x004031c0
                                                                                                                                                0x004031c5
                                                                                                                                                0x004031c8
                                                                                                                                                0x004031ce
                                                                                                                                                0x0040323c
                                                                                                                                                0x0040323c
                                                                                                                                                0x0040323c
                                                                                                                                                0x004031d0
                                                                                                                                                0x004031d0
                                                                                                                                                0x004031d2
                                                                                                                                                0x004031d6
                                                                                                                                                0x004031d8
                                                                                                                                                0x004031db
                                                                                                                                                0x004031de
                                                                                                                                                0x004031e1
                                                                                                                                                0x004031e5
                                                                                                                                                0x004031e5
                                                                                                                                                0x00403241
                                                                                                                                                0x00403241
                                                                                                                                                0x00403241
                                                                                                                                                0x00403244
                                                                                                                                                0x00403247
                                                                                                                                                0x00403249
                                                                                                                                                0x0040324e
                                                                                                                                                0x00403250
                                                                                                                                                0x00403253
                                                                                                                                                0x0040325a
                                                                                                                                                0x0040325d
                                                                                                                                                0x0040325d
                                                                                                                                                0x00403260
                                                                                                                                                0x00403264
                                                                                                                                                0x00403267
                                                                                                                                                0x0040326a
                                                                                                                                                0x0040326c
                                                                                                                                                0x0040326c
                                                                                                                                                0x0040326e
                                                                                                                                                0x00403271
                                                                                                                                                0x00403274
                                                                                                                                                0x00403277
                                                                                                                                                0x00403278
                                                                                                                                                0x00403279
                                                                                                                                                0x0040327a
                                                                                                                                                0x0040327a
                                                                                                                                                0x004030b6
                                                                                                                                                0x004030b6
                                                                                                                                                0x004030b6
                                                                                                                                                0x004030b6
                                                                                                                                                0x004030ba
                                                                                                                                                0x004030bd
                                                                                                                                                0x004030c0
                                                                                                                                                0x004030c3
                                                                                                                                                0x004030c4
                                                                                                                                                0x004030c4
                                                                                                                                                0x00403091
                                                                                                                                                0x00403091
                                                                                                                                                0x00403095
                                                                                                                                                0x00403095
                                                                                                                                                0x00403098
                                                                                                                                                0x0040309b
                                                                                                                                                0x0040309e
                                                                                                                                                0x004030c8
                                                                                                                                                0x004030cb
                                                                                                                                                0x004030ce
                                                                                                                                                0x004030d1
                                                                                                                                                0x004030d4
                                                                                                                                                0x004030d5
                                                                                                                                                0x004030a0
                                                                                                                                                0x004030a0
                                                                                                                                                0x004030a3
                                                                                                                                                0x004030a4
                                                                                                                                                0x004030a4
                                                                                                                                                0x0040309e
                                                                                                                                                0x0040308f

APIs
• Sleep.KERNEL32(00000000,FFFFFFDC,00403024), ref: 0040310F
• Sleep.KERNEL32(0000000A,00000000,FFFFFFDC,00403024), ref: 00403125
• Sleep.KERNEL32(00000000,?,?,FFFFFFDC,00403024), ref: 00403153
• Sleep.KERNEL32(0000000A,00000000,?,?,FFFFFFDC,00403024), ref: 00403169
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 35d25aad1f7fc4716a0dfc02f7a215eb0f1f60094d603e12b1297e6ec73346e6
• Instruction ID: d24c38d3cd346257549e836a0e34f297571455aa338da2ddacc15011fe2918f0
• Opcode Fuzzy Hash: 35d25aad1f7fc4716a0dfc02f7a215eb0f1f60094d603e12b1297e6ec73346e6
• Instruction Fuzzy Hash: 6BC126726013508BD715CF28D984316BFE5BB89312F1882BFD444AB3D6C774EA91C799
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
C-Code - Quality: 91%
E004033DC(void* __eax, signed int __edi, void* __ebp) {
	struct _MEMORY_BASIC_INFORMATION _v44;
	void* _v48;
	signed int __ebx;
	void* _t58;
	signed int _t61;
	int _t65;
	signed int _t67;
	void _t70;
	int _t71;
	signed int _t78;
	void* _t79;
	signed int _t81;
	intOrPtr _t82;
	signed int _t87;
	signed int _t88;
	signed int _t89;
	signed int _t92;
	void* _t96;
	signed int _t99;
	void* _t103;
	intOrPtr _t104;
	void* _t106;
	void* _t108;
	signed int _t113;
	void* _t115;
	void* _t116;

	_t56 = __eax;
	_t89 =  *(__eax - 4);
	_t78 =  *0x45a059; // 0x1
	if((_t89 & 0x00000007) != 0) {
		__eflags = _t89 & 0x00000005;
		if((_t89 & 0x00000005) != 0) {
			_pop(_t78);
			__eflags = _t89 & 0x00000003;
			if((_t89 & 0x00000003) == 0) {
				_push(_t78);
				_push(__edi);
				_t116 = _t115 + 0xffffffdc;
				_t103 = __eax - 0x10;
				E00402DB8(__eax, _t89, __edi);
				_t58 = _t103;
				 *_t116 =  *_t58;
				_v48 =  *((intOrPtr*)(_t58 + 4));
				_t92 =  *(_t58 + 0xc);
				if((_t92 & 0x00000008) != 0) {
					_t79 = _t103;
					_t113 = _t92 & 0xfffffff0;
					_t99 = 0;
					__eflags = 0;
					while(1) {
						VirtualQuery(_t79,  &_v44, 0x1c);
						_t61 = VirtualFree(_t79, 0, 0x8000);
						__eflags = _t61;
						if(_t61 == 0) {
							_t99 = _t99 | 0xffffffff;
							goto L10;
						}
						_t104 = _v44.RegionSize;
						__eflags = _t113 - _t104;
						if(_t113 > _t104) {
							_t113 = _t113 - _t104;
							_t79 = _t79 + _t104;
							continue;
						}
						goto L10;
					}
				} else {
					_t65 = VirtualFree(_t103, 0, 0x8000); // executed
					if(_t65 == 0) {
						_t99 = __edi | 0xffffffff;
					} else {
						_t99 = 0;
					}
				}
				L10:
				if(_t99 == 0) {
					 *_v48 =  *_t116;
					 *( *_t116 + 4) = _v48;
				}
				 *0x45caf8 = 0;
				return _t99;
			} else {
				return 0xffffffff;
			}
		} else {
			goto L31;
		}
	} else {
		__eflags = __bl;
		__ebx =  *__edx;
		if(__eflags != 0) {
			while(1) {
				__eax = 0x100;
				asm("lock cmpxchg [ebx], ah");
				if(__eflags == 0) {
					goto L14;
				}
				asm("pause");
				__eflags =  *0x45a909;
				if(__eflags != 0) {
					continue;
				} else {
					Sleep(0);
					__edx = __edx;
					__ecx = __ecx;
					__eax = 0x100;
					asm("lock cmpxchg [ebx], ah");
					if(__eflags != 0) {
						Sleep(0xa);
						__edx = __edx;
						__ecx = __ecx;
						continue;
					}
				}
				goto L14;
			}
		}
		L14:
		_t14 = __edx + 0x14;
		 *_t14 =  *(__edx + 0x14) - 1;
		__eflags =  *_t14;
		__eax =  *(__edx + 0x10);
		if( *_t14 == 0) {
			__eflags = __eax;
			if(__eax == 0) {
				L20:
				 *(__ebx + 0x14) = __eax;
			} else {
				__eax =  *(__edx + 0xc);
				__ecx =  *(__edx + 8);
				 *(__eax + 8) = __ecx;
				 *(__ecx + 0xc) = __eax;
				__eax = 0;
				__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
				if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
					goto L20;
				}
			}
			 *__ebx = __al;
			__eax = __edx;
			__edx =  *(__edx - 4);
			__bl =  *0x45a059; // 0x1
			L31:
			_t95 = _t89 & 0xfffffff0;
			__eflags = _t78;
			_t81 = _t89 & 0xfffffff0;
			_push(_t101);
			_t106 = _t56;
			if(__eflags != 0) {
				while(1) {
					_t67 = 0x100;
					asm("lock cmpxchg [0x45aa68], ah");
					if(__eflags == 0) {
						goto L32;
					}
					asm("pause");
					__eflags =  *0x45a909;
					if(__eflags != 0) {
						continue;
					} else {
						Sleep(0);
						_t67 = 0x100;
						asm("lock cmpxchg [0x45aa68], ah");
						if(__eflags != 0) {
							Sleep(0xa);
							continue;
						}
					}
					goto L32;
				}
			}
			L32:
			__eflags = (_t106 - 4)[_t81] & 0x00000001;
			_t87 = (_t106 - 4)[_t81];
			if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
				_t67 = _t81 + _t106;
				_t88 = _t87 & 0xfffffff0;
				_t81 = _t81 + _t88;
				__eflags = _t88 - 0xb30;
				if(_t88 >= 0xb30) {
					_t67 = E00402C34(_t67);
				}
			} else {
				_t88 = _t87 | 0x00000008;
				__eflags = _t88;
				(_t106 - 4)[_t81] = _t88;
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *(_t106 - 4) & 0x00000008;
                                                                                                                                                						if(( *(_t106 - 4) & 0x00000008) != 0) {
                                                                                                                                                							_t88 =  *(_t106 - 8);
                                                                                                                                                							_t106 = _t106 - _t88;
                                                                                                                                                							_t81 = _t81 + _t88;
                                                                                                                                                							__eflags = _t88 - 0xb30;
                                                                                                                                                							if(_t88 >= 0xb30) {
                                                                                                                                                								_t67 = E00402C34(_t106);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						__eflags = _t81 - 0x13ffe0;
                                                                                                                                                						if(_t81 == 0x13ffe0) {
                                                                                                                                                							__eflags =  *0x45aa70 - 0x13ffe0;
                                                                                                                                                							if( *0x45aa70 != 0x13ffe0) {
                                                                                                                                                								_t82 = _t106 + 0x13ffe0;
                                                                                                                                                								E00402CD4(_t67, _t95);
                                                                                                                                                								 *((intOrPtr*)(_t82 - 4)) = 2;
                                                                                                                                                								 *0x45aa70 = 0x13ffe0;
                                                                                                                                                								 *0x45aa6c = _t82;
                                                                                                                                                								 *0x45aa68 = 0;
                                                                                                                                                								__eflags = 0;
                                                                                                                                                								return 0;
                                                                                                                                                							} else {
                                                                                                                                                								_t108 = _t106 - 0x10;
                                                                                                                                                								_t70 =  *_t108;
                                                                                                                                                								_t96 =  *(_t108 + 4);
                                                                                                                                                								 *(_t70 + 4) = _t96;
                                                                                                                                                								 *_t96 = _t70;
                                                                                                                                                								 *0x45aa68 = 0;
                                                                                                                                                								_t71 = VirtualFree(_t108, 0, 0x8000);
                                                                                                                                                								__eflags = _t71 - 1;
                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                								return _t71;
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							 *(_t106 - 4) = _t81 + 3;
                                                                                                                                                							 *(_t106 - 8 + _t81) = _t81;
                                                                                                                                                							E00402C74(_t106, _t88, _t81);
                                                                                                                                                							 *0x45aa68 = 0;
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						__eflags = __eax;
                                                                                                                                                						 *(__edx + 0x10) = __ecx;
                                                                                                                                                						 *(__ecx - 4) = __eax;
                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                							__ecx =  *(__ebx + 8);
                                                                                                                                                							 *(__edx + 0xc) = __ebx;
                                                                                                                                                							 *(__edx + 8) = __ecx;
                                                                                                                                                							 *(__ecx + 0xc) = __edx;
                                                                                                                                                							 *(__ebx + 8) = __edx;
                                                                                                                                                							 *__ebx = 0;
                                                                                                                                                							__eax = 0;
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return 0;
                                                                                                                                                						} else {
                                                                                                                                                							__eax = 0;
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							 *__ebx = __al;
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}

Address column for the decompiled statements above (code addresses 0x00402e64 to 0x004035d3; the 0x00000000 entries carry no address). Per-statement alignment with the listing is not recoverable.
                                                                                                                                                0x00000000
                                                                                                                                                0x004034b2
                                                                                                                                                0x004034b4
                                                                                                                                                0x004034b9
                                                                                                                                                0x004034be
                                                                                                                                                0x004034c6
                                                                                                                                                0x004034ca
                                                                                                                                                0x00000000
                                                                                                                                                0x004034ca
                                                                                                                                                0x004034c6
                                                                                                                                                0x00000000
                                                                                                                                                0x004034b0
                                                                                                                                                0x00403498
                                                                                                                                                0x004034e9
                                                                                                                                                0x004034e9
                                                                                                                                                0x004034f1
                                                                                                                                                0x004034f5
                                                                                                                                                0x0040352c
                                                                                                                                                0x0040352f
                                                                                                                                                0x00403532
                                                                                                                                                0x00403534
                                                                                                                                                0x0040353a
                                                                                                                                                0x0040353c
                                                                                                                                                0x0040353c
                                                                                                                                                0x004034f7
                                                                                                                                                0x004034f7
                                                                                                                                                0x004034f7
                                                                                                                                                0x004034fa
                                                                                                                                                0x004034fa
                                                                                                                                                0x004034fe
                                                                                                                                                0x00403502
                                                                                                                                                0x00403544
                                                                                                                                                0x00403547
                                                                                                                                                0x00403549
                                                                                                                                                0x0040354b
                                                                                                                                                0x00403551
                                                                                                                                                0x00403555
                                                                                                                                                0x00403555
                                                                                                                                                0x00403551
                                                                                                                                                0x00403504
                                                                                                                                                0x0040350a
                                                                                                                                                0x0040355c
                                                                                                                                                0x00403566
                                                                                                                                                0x00403594
                                                                                                                                                0x0040359a
                                                                                                                                                0x0040359f
                                                                                                                                                0x004035a6
                                                                                                                                                0x004035b0
                                                                                                                                                0x004035b6
                                                                                                                                                0x004035bd
                                                                                                                                                0x004035c1
                                                                                                                                                0x00403568
                                                                                                                                                0x00403568
                                                                                                                                                0x0040356b
                                                                                                                                                0x0040356d
                                                                                                                                                0x00403570
                                                                                                                                                0x00403573
                                                                                                                                                0x00403575
                                                                                                                                                0x00403584
                                                                                                                                                0x00403589
                                                                                                                                                0x0040358c
                                                                                                                                                0x00403590
                                                                                                                                                0x00403590
                                                                                                                                                0x0040350c
                                                                                                                                                0x0040350f
                                                                                                                                                0x00403512
                                                                                                                                                0x0040351a
                                                                                                                                                0x0040351f
                                                                                                                                                0x00403526
                                                                                                                                                0x0040352a
                                                                                                                                                0x0040352a
                                                                                                                                                0x00403400
                                                                                                                                                0x00403400
                                                                                                                                                0x00403402
                                                                                                                                                0x00403408
                                                                                                                                                0x0040340b
                                                                                                                                                0x00403414
                                                                                                                                                0x00403417
                                                                                                                                                0x0040341a
                                                                                                                                                0x0040341d
                                                                                                                                                0x00403420
                                                                                                                                                0x00403423
                                                                                                                                                0x00403426
                                                                                                                                                0x00403426
                                                                                                                                                0x00403428
                                                                                                                                                0x00403429
                                                                                                                                                0x0040340d
                                                                                                                                                0x0040340d
                                                                                                                                                0x0040340d
                                                                                                                                                0x0040340f
                                                                                                                                                0x00403411
                                                                                                                                                0x00403412
                                                                                                                                                0x00403412
                                                                                                                                                0x0040340b
                                                                                                                                                0x004033fe

APIs
• Sleep.KERNEL32(00000000,?,?,00000000,0040304C), ref: 00403472
• Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040304C), ref: 0040348C
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: c42a46366db05217e8d4c3ff05f57bb59f7c25d2e7563aabde72f0078aa95261
• Instruction ID: 8a3b1117f4a5933337f6a98e515e9c43cff1a278d4390d63e0247294b9bdf338
• Opcode Fuzzy Hash: c42a46366db05217e8d4c3ff05f57bb59f7c25d2e7563aabde72f0078aa95261
• Instruction Fuzzy Hash: 4261D3716043405FD716CF29CA88B16BFD8AB45316F18827FD4449B3E2D678DD41CB5A
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 161 406d48-406d5d 162 406d70-406d77 161->162 163 406d5f-406d6b call 406c1c call 406cb0 161->163 165 406d79-406d84 GetCurrentThreadId 162->165 166 406d9a-406d9e 162->166 163->162 165->166 168 406d86-406d95 call 4069b8 call 406c84 165->168 169 406da0-406da3 166->169 170 406db4-406db8 166->170 168->166 169->170 175 406da5-406db2 169->175 171 406dc8-406dd1 call 404570 170->171 172 406dba-406dc1 170->172 183 406dd3-406de3 call 40570c call 404570 171->183 184 406de5-406dee call 4069e0 171->184 172->171 176 406dc3-406dc5 172->176 175->170 176->171 183->184 190 406df0-406df7 184->190 191 406df9-406dfe 184->191 190->191 193 406e1f-406e2a call 4069b8 190->193 191->193 194 406e00-406e13 call 40a1b8 191->194 200 406e2c 193->200 201 406e2f-406e33 193->201 194->193 199 406e15-406e17 194->199 199->193 202 406e19-406e1a FreeLibrary 199->202 200->201 203 406e35-406e37 call 406c84 201->203 204 406e3c-406e3f 201->204 202->193 203->204 206 406e41-406e48 204->206 207 406e5b 204->207 208 406e50-406e56 ExitProcess 206->208 209 406e4a 206->209 209->208
C-Code - Quality: 86%
			E00406D48() {
				void* _t14;
				int _t21;
				void* _t33;
				void* _t47;
				struct HINSTANCE__* _t54;
				void* _t58;

				if( *0x458004 != 0) {
					E00406C1C();
					E00406CB0(_t47);
					 *0x458004 = 0;
				}
				if( *0x45cb4c != 0 && GetCurrentThreadId() ==  *0x45cb74) {
					E004069B8(0x45cb48);
					E00406C84(0x45cb48);
				}
				if( *0x0045CB40 != 0 ||  *0x45a054 == 0) {
					L8:
					if( *((char*)(0x45cb40)) == 2 &&  *0x458000 == 0) {
						 *0x0045CB24 = 0;
					}
					_t14 = E00404570();
					_t45 = _t14;
					if(_t14 == 0) {
						L13:
						E004069E0();
						if( *((char*)(0x45cb40)) <= 1 ||  *0x458000 != 0) {
							_t57 =  *0x0045CB28;
							if( *0x0045CB28 != 0) {
								E0040A1B8(_t57);
								_t7 =  *((intOrPtr*)(0x45cb28)) + 0x10; // 0x400000
								_t54 =  *_t7;
								_t9 =  *((intOrPtr*)(0x45cb28)) + 4; // 0x400000
								if(_t54 !=  *_t9 && _t54 != 0) {
									FreeLibrary(_t54);
								}
							}
						}
						E004069B8(0x45cb18);
						if( *((char*)(0x45cb40)) == 1) {
							 *0x0045CB3C();
						}
						if( *((char*)(0x45cb40)) != 0) {
							E00406C84(0x45cb18);
						}
						if( *0x45cb18 == 0) {
							if( *0x45a034 != 0) {
								 *0x45a034();
							}
							_t21 =  *0x458000; // 0x0
							ExitProcess(_t21); // executed
						}
						memcpy(0x45cb18,  *0x45cb18, 0xc << 2);
						_t58 = _t58 + 0xc;
						0x45cb18 = 0x45cb18;
						goto L8;
					} else {
						do {
							E0040570C(_t45);
							_t33 = E00404570();
							_t45 = _t33;
                                                                                                                                                						} while (_t33 != 0);
                                                                                                                                                						goto L13;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					do {
                                                                                                                                                						 *0x45a054 = 0;
                                                                                                                                                						 *((intOrPtr*)( *0x45a054))();
                                                                                                                                                					} while ( *0x45a054 != 0);
                                                                                                                                                					L8:
                                                                                                                                                					while(1) {
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00406D79
                                                                                                                                                • FreeLibrary.KERNEL32(00400000,?,?,?,?,00406E7E,004045BB,00404602,?,?,0040461B), ref: 00406E1A
                                                                                                                                                • ExitProcess.KERNEL32(00000000,?,?,?,?,00406E7E,004045BB,00404602,?,?,0040461B), ref: 00406E56
                                                                                                                                                  • Part of subcall function 00406CB0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CE9
                                                                                                                                                  • Part of subcall function 00406CB0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CEF
                                                                                                                                                  • Part of subcall function 00406CB0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?), ref: 00406D0A
                                                                                                                                                  • Part of subcall function 00406CB0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69), ref: 00406D10
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3490077880-0
                                                                                                                                                • Opcode ID: 597c0ee9381f91864c1514338d105ea8cc2131478cfe5a74760ac8907fc132b7
                                                                                                                                                • Instruction ID: 51c4e82f996f95945f9b8cab1d62ca9a785d7985c835cc21ab9af9c07338cf3a
                                                                                                                                                • Opcode Fuzzy Hash: 597c0ee9381f91864c1514338d105ea8cc2131478cfe5a74760ac8907fc132b7
                                                                                                                                                • Instruction Fuzzy Hash: 2D31BE306003018BDB30AB69D48971B76E5AF04719F06053FE546A73D2DB7CD8A8CB5E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                			E00406D40() {
                                                                                                                                                				intOrPtr* _t14;
                                                                                                                                                				void* _t17;
                                                                                                                                                				int _t24;
                                                                                                                                                				void* _t36;
                                                                                                                                                				void* _t51;
                                                                                                                                                				struct HINSTANCE__* _t59;
                                                                                                                                                				void* _t65;
                                                                                                                                                
                                                                                                                                                				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
                                                                                                                                                				if( *0x458004 != 0) {
                                                                                                                                                					E00406C1C();
                                                                                                                                                					E00406CB0(_t51);
                                                                                                                                                					 *0x458004 = 0;
                                                                                                                                                				}
                                                                                                                                                				if( *0x45cb4c != 0 && GetCurrentThreadId() ==  *0x45cb74) {
                                                                                                                                                					E004069B8(0x45cb48);
                                                                                                                                                					E00406C84(0x45cb48);
                                                                                                                                                				}
                                                                                                                                                				if( *0x0045CB40 != 0 ||  *0x45a054 == 0) {
                                                                                                                                                					L9:
                                                                                                                                                					if( *((char*)(0x45cb40)) == 2 &&  *0x458000 == 0) {
                                                                                                                                                						 *0x0045CB24 = 0;
                                                                                                                                                					}
                                                                                                                                                					_t17 = E00404570();
                                                                                                                                                					_t49 = _t17;
                                                                                                                                                					if(_t17 == 0) {
                                                                                                                                                						L14:
                                                                                                                                                						E004069E0();
                                                                                                                                                						if( *((char*)(0x45cb40)) <= 1 ||  *0x458000 != 0) {
                                                                                                                                                							_t64 =  *0x0045CB28;
                                                                                                                                                							if( *0x0045CB28 != 0) {
                                                                                                                                                								E0040A1B8(_t64);
                                                                                                                                                								_t7 =  *((intOrPtr*)(0x45cb28)) + 0x10; // 0x400000
                                                                                                                                                								_t59 =  *_t7;
                                                                                                                                                								_t9 =  *((intOrPtr*)(0x45cb28)) + 4; // 0x400000
                                                                                                                                                								if(_t59 !=  *_t9 && _t59 != 0) {
                                                                                                                                                									FreeLibrary(_t59);
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						E004069B8(0x45cb18);
						// Analyst annotation: this tail of the routine has the shape of the Delphi RTL
						// shutdown procedure (System._Halt0). Read against that source, 0x45cb18 is the
						// 48-byte InitContext record, 0x45cb40 (= InitContext + 0x28, a byte) its
						// DLLInitState field and 0x45cb3c (+0x24) its ExitProcessTLS callback. These
						// names are an interpretation of the layout, not symbols recovered from the sample.
						if( *((char*)(0x45cb40)) == 1) {
							 *0x0045CB3C();                      // DLLInitState == 1: run the TLS exit callback
						}
						if( *((char*)(0x45cb40)) != 0) {
							E00406C84(0x45cb18);                 // library/package-specific cleanup of this context
						}
						if( *0x45cb18 == 0) {                   // OuterContext == NULL: outermost (EXE) context
							if( *0x45a034 != 0) {
								 *0x45a034();                    // ExitProcessProc hook, if one was installed
							}
							_t24 =  *0x458000; // 0x0            // ExitCode, 0 at the time of the dump
							ExitProcess(_t24); // executed
						}
						memcpy(0x45cb18,  *0x45cb18, 0xc << 2); // restore the outer context: 12 dwords = 48 bytes
						_t65 = _t65 + 0xc;                      // register bookkeeping for the copy
						0x45cb18 = 0x45cb18;                    // decompiler residue of the copy above, no effect
						goto L9;
					} else {
						do {
							E0040570C(_t49);                    // process the next entry of a list walked by E00404570
							_t36 = E00404570();
							_t49 = _t36;
						} while (_t36 != 0);
						goto L14;
					}
				} else {
					do {
						 *0x45a054 = 0;                          // ExitProc chain: clear the pointer, call the handler,
						 *((intOrPtr*)( *0x45a054))();           // repeat while a handler installed a successor
					} while ( *0x45a054 != 0);                  // (the RTL source saves the handler before clearing it)
					L9:
					while(1) {                                  // decompiler artefact: fall-through label, no loop body
					}
				}
			}

Instruction address range of this listing: 0x00406d42-0x00406e69

APIs
• GetCurrentThreadId.KERNEL32 ref: 00406D79
• FreeLibrary.KERNEL32(00400000,?,?,?,?,00406E7E,004045BB,00404602,?,?,0040461B), ref: 00406E1A
• ExitProcess.KERNEL32(00000000,?,?,?,?,00406E7E,004045BB,00404602,?,?,0040461B), ref: 00406E56
  • Part of subcall function 00406CB0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CE9
  • Part of subcall function 00406CB0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CEF
  • Part of subcall function 00406CB0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?), ref: 00406D0A
  • Part of subcall function 00406CB0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69), ref: 00406D10
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
• String ID:
• API String ID: 3490077880-0
• Opcode ID: 69fc96ce27c8194f6d5a84174052bb46b6ab76e4ff137658cbd3aeb99f694c4d
• Instruction ID: 4929b9cacf4ed3c18e0fbb254ea7222140edc6bb7e8c552654c7641b89d5213a
• Opcode Fuzzy Hash: 69fc96ce27c8194f6d5a84174052bb46b6ab76e4ff137658cbd3aeb99f694c4d
• Instruction Fuzzy Hash: C33169306003418FDB31AB69D48931B76E1AF05709F06453FE546A72D2DB7CE8A8CB5E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
Basic blocks of the function at 402e62, as "node: address range [calls] -> successors":
• 259: 402e62-402e89, call 402db8 -> 263, 264
• 263: 402ea5-402eac -> 267
• 264: 402e8b-402e9a, VirtualFree -> 265, 266
• 265: 402ea0-402ea3 -> 268
• 266: 402e9c-402e9e -> 268
• 267: 402eae-402eca, VirtualQuery, VirtualFree -> 269, 270
• 268: 402edf-402ee1 -> 272, 273
• 269: 402ed1-402ed7 -> 268, 271
• 270: 402ecc-402ecf -> 268
• 271: 402ed9-402edd -> 267
• 272: 402ee3-402ef3 -> 273
• 273: 402ef6-402f06
C-Code - Quality: 96%
			// Analyst annotation: header layout and control flow match FastMM4's FreeLargeBlock
			// (the memory manager bundled with the Delphi RTL since Delphi 2006): the 16-byte
			// header before the user pointer holds PreviousLargeBlockHeader, NextLargeBlockHeader,
			// UserAllocatedSize and BlockSizeAndFlags, flag 8 marks a block that was mapped as
			// several OS regions, and 0x45caf8 is the large-block lock. Names are an
			// interpretation of the layout, not symbols recovered from the sample.
			E00402E62(void* __eax, void* __edx) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* __edi;
				void* __ebp;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t27;
				signed int _t30;
				signed int _t31;
				void* _t35;
				intOrPtr _t36;
				signed int _t40;
				void* _t42;
				void* _t43;

				_push(_t30);
				_t43 = _t42 + 0xffffffdc;                  // 0x24 bytes of locals
				_t35 = __eax - 0x10;                       // block header sits 16 bytes before the user pointer
				E00402DB8(__eax, __edx, _t30);             // acquire the large-block lock
				_t13 = _t35;
				 *_t43 =  *_t13;                           // previous header
				_v48 =  *((intOrPtr*)(_t13 + 4));          // next header
				_t27 =  *(_t13 + 0xc);                     // size | flags
				if((_t27 & 0x00000008) != 0) {             // block spans several regions
					_t22 = _t35;
					_t40 = _t27 & 0xfffffff0;              // byte size with the flag bits masked off
					_t31 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);  // 0x1c = sizeof(MEMORY_BASIC_INFORMATION) on 32-bit
						if(VirtualFree(_t22, 0, 0x8000) == 0) { // 0x8000 = MEM_RELEASE
							break;                         // first failed release aborts the walk
						}
						_t36 = _v44.RegionSize;
						if(_t40 > _t36) {                  // more of the block remains past this region
							_t40 = _t40 - _t36;
							_t22 = _t22 + _t36;
							continue;
						}
						goto L10;                          // whole block released, _t31 still 0
					}
					_t31 = _t31 | 0xffffffff;              // failure: result -1
				} else {
					_t20 = VirtualFree(_t35, 0, 0x8000); // executed   // single region: one MEM_RELEASE
					if(_t20 == 0) {
						_t31 = _t30 | 0xffffffff;          // failure: result -1
					} else {
						_t31 = 0;
					}
				}
				L10:
				if(_t31 == 0) {                            // unlink only after a complete release
					 *_v48 =  *_t43;                       // next->prev = prev
					 *( *_t43 + 4) = _v48;                 // prev->next = next
				}
				 *0x45caf8 = 0;                            // drop the lock on every path
				return _t31;
			}
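The listing above shows one instance of the segmented-release walk. The following C program is an added example written for this report; it is neither the sample's code nor FastMM's. It reproduces the decompiled control flow (read prev/next/flags first, release region by region, unlink the block only after every region was released, drop the lock on every path) and replaces VirtualQuery/VirtualFree with a constructed region table so the walk can run offline. The header layout, flag value 8 and size mask come from the listing; the names free_large_block, run_scenario, model_query and model_release, the region sizes and the failure injection are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the large-block free routine decompiled above.
 * Illustrative code, not the sample's or FastMM's: the Windows calls are
 * replaced by a region table. Header layout, flag 8 and the size mask are
 * from the decompilation; every name is an assumption. */

#define FLAG_SEGMENTED 0x8u          /* "(_t27 & 8) != 0" in the listing */
#define SIZE_MASK      0xfffffff0u   /* "_t27 & 0xfffffff0" */
#define PAGE           0x1000u

typedef struct large_hdr {
    struct large_hdr *prev;          /* *(hdr + 0)   */
    struct large_hdr *next;          /* *(hdr + 4)   */
    uint32_t user_size;              /* *(hdr + 8)   */
    uint32_t size_and_flags;         /* *(hdr + 0xc) */
} large_hdr;

/* One OS region of the constructed address space. */
typedef struct { uint8_t *base; uint32_t size; int fail; int released; } region;

static union { large_hdr align; uint8_t bytes[4 * PAGE]; } g_space_u;
#define g_space (g_space_u.bytes)
static region g_regions[4];
static int g_nregions;
static int g_lock_released;          /* models the store "*0x45caf8 = 0" */

static region *find_region(const uint8_t *p) {
    for (int i = 0; i < g_nregions; i++)
        if (p >= g_regions[i].base && p < g_regions[i].base + g_regions[i].size)
            return &g_regions[i];
    return NULL;
}

/* Stand-in for VirtualQuery: RegionSize of the region containing p. */
static uint32_t model_query(const uint8_t *p) {
    region *r = find_region(p);
    return r ? r->size : 0;
}

/* Stand-in for VirtualFree(p, 0, MEM_RELEASE): nonzero on success. */
static int model_release(const uint8_t *p) {
    region *r = find_region(p);
    if (r == NULL || r->fail || r->released) return 0;
    r->released = 1;
    return 1;
}

/* Same control flow as E00402E62: 0 on success, -1 if any release fails. */
int free_large_block(large_hdr *hdr) {
    large_hdr *prev = hdr->prev;     /* read before any release, as the sample does */
    large_hdr *next = hdr->next;
    uint32_t size_and_flags = hdr->size_and_flags;
    int result;

    if (size_and_flags & FLAG_SEGMENTED) {
        uint8_t *p = (uint8_t *)hdr;
        uint32_t remaining = size_and_flags & SIZE_MASK;
        result = 0;
        for (;;) {
            uint32_t region_size = model_query(p);
            if (!model_release(p)) { result = -1; break; }  /* abort on first failure */
            if (remaining > region_size) {                   /* more regions follow */
                remaining -= region_size;
                p += region_size;
                continue;
            }
            break;                                           /* last region released */
        }
    } else {
        result = model_release((uint8_t *)hdr) ? 0 : -1;
    }

    if (result == 0) {               /* unlink only after a complete release */
        next->prev = prev;
        prev->next = next;
    }
    g_lock_released = 1;             /* the lock is dropped on every path */
    return result;
}

typedef struct { int result; int released; int unlinked; int unlocked; } outcome;
static large_hdr g_head;             /* sentinel of the large-block list */

/* Lay out a 0x4000-byte block at g_space (3 regions if segmented, else 1),
 * link it into the list, free it and report what happened. fail_region is
 * the index of a region whose release is made to fail, or -1 for none. */
outcome run_scenario(int segmented, int fail_region) {
    outcome o = {0, 0, 0, 0};
    uint8_t *b = g_space;
    memset(g_space, 0, sizeof g_space_u.bytes);
    g_nregions = 0;
    g_lock_released = 0;
    if (segmented) {
        const uint32_t sizes[3] = { PAGE, 2 * PAGE, PAGE };
        for (int i = 0; i < 3; i++) {
            region r = { b, sizes[i], fail_region == i, 0 };
            g_regions[g_nregions++] = r;
            b += sizes[i];
        }
    } else {
        region r = { b, 4 * PAGE, fail_region == 0, 0 };
        g_regions[g_nregions++] = r;
    }
    large_hdr *hdr = (large_hdr *)g_space;
    g_head.prev = g_head.next = hdr;
    hdr->prev = hdr->next = &g_head;
    hdr->user_size = 4 * PAGE - (uint32_t)sizeof *hdr;
    hdr->size_and_flags = (4 * PAGE) | (segmented ? FLAG_SEGMENTED : 0);

    o.result = free_large_block(hdr);
    for (int i = 0; i < g_nregions; i++) o.released += g_regions[i].released;
    o.unlinked = (g_head.next == &g_head && g_head.prev == &g_head);
    o.unlocked = g_lock_released;
    return o;
}
```

Calling run_scenario(1, -1) walks all three regions, releases each and unlinks the block; run_scenario(1, 1) stops at the second region, leaves the block linked (the list still describes memory that is now partly released, which is the state the real routine would leave behind after a failed VirtualFree) and still clears the lock flag, matching the unconditional store at the end of the listing.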


                                                                                                                                                APIs
                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00402E93
                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00402EB6
                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00402EC3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Virtual$Free$Query
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 778034434-0
                                                                                                                                                • Opcode ID: c878f221a1cee6844763b9f78f45944839d7f43b0250e969bdb006fc1b73756d
                                                                                                                                                • Instruction ID: 2255de812237d45d2e8f64cfce0174243e54c7c6553f8d79e5f8c6a488c41b72
                                                                                                                                                • Opcode Fuzzy Hash: c878f221a1cee6844763b9f78f45944839d7f43b0250e969bdb006fc1b73756d
                                                                                                                                                • Instruction Fuzzy Hash: 8A119031384700ABD310E629CE89B1B77D9AF84724F158236E9A8A73D1E6F8DC0157DA
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                			E00407100(signed char __eax, void* __ecx, void* __edx) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				signed char _v13;
                                                                                                                                                				void* _t5;
                                                                                                                                                				void* _t11;
                                                                                                                                                
                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                					_t11 =  *__eax;
                                                                                                                                                					if(_t11 != 0) {
                                                                                                                                                						 *__eax = 0;
                                                                                                                                                						_push(__eax);
                                                                                                                                                						L004028FC(); // executed
                                                                                                                                                						_t5 = _t11;
                                                                                                                                                						return _t5;
                                                                                                                                                					}
                                                                                                                                                					return __eax;
                                                                                                                                                				} else {
                                                                                                                                                					_push(__eax);
                                                                                                                                                					_push(__ecx);
                                                                                                                                                					L004028EC(); // executed
                                                                                                                                                					__edx = __edx;
                                                                                                                                                					if(__eax == 0) {
                                                                                                                                                						_push(__ecx);
                                                                                                                                                						_v13 = __eax;
                                                                                                                                                						return E004045BC(_v13 & 0x000000ff, _v8);
                                                                                                                                                					} else {
                                                                                                                                                						_push( *__edx);
                                                                                                                                                						 *__edx = __eax;
                                                                                                                                                						L004028FC();
                                                                                                                                                						return __eax;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                • Opcode ID: 1d51f169246ed0332ea55dc57ed08ced13a624deaf2b732a46fee75f2ef37196
                                                                                                                                                • Instruction ID: 135d6be2966b7f0c8c2630a1d7543a227a2aba661bad37ab3b383f95e5ee5edb
                                                                                                                                                • Opcode Fuzzy Hash: 1d51f169246ed0332ea55dc57ed08ced13a624deaf2b732a46fee75f2ef37196
                                                                                                                                                • Instruction Fuzzy Hash: 80E08CB91053025DEE40BF219D04B372768AF82300B25857FB401BA2D4DA7D98017628
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                			E00409ED0(intOrPtr __eax, void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				char _v16;
                                                                                                                                                				char _v20;
                                                                                                                                                				char _v24;
                                                                                                                                                				char _v28;
                                                                                                                                                				signed int _t37;
                                                                                                                                                				signed short _t39;
                                                                                                                                                				signed short _t42;
                                                                                                                                                				signed int _t59;
                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed int* _t81;
                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                
                                                                                                                                                				_t79 = __edi;
                                                                                                                                                				_push(0);
	_push(0);
	_push(0);
	_push(0);
	_push(0);
	_push(0);
	_push(__ebx);
	_push(__esi);
	_t81 = __ecx;
	_v12 = __edx;
	_v8 = __eax;
	E0040702C(_v8);
	E0040702C(_v12);
	_push(_t84);
	_push(0x409fdd);
	_push( *[fs:eax]);
	 *[fs:eax] = _t84;
	E00406F48(__ecx);
	E00407370( &_v20, _v12);
	_t37 = _v12;
	if(_t37 != 0) {
		_t37 =  *(_t37 - 4);
	}
	_t59 = _t37;
	if(_t59 < 1) {
		L6:
		_t39 = E00409C18(_v8, _t59,  &_v16, _t81); // executed
		_t89 = _v16;
		if(_v16 == 0) {
			L00402874();
			E004095C4(_t39, _t59,  &_v24, _t79, _t81);
			_t42 = E00409D38(_v20, _t59, _t81, _v24, _t79, _t81, __eflags); // executed
			__eflags =  *_t81;
			if( *_t81 == 0) {
				__eflags =  *0x45cb84;
				if( *0x45cb84 == 0) {
					L0040287C();
					E004095C4(_t42, _t59,  &_v28, _t79, _t81);
					E00409D38(_v20, _t59, _t81, _v28, _t79, _t81, __eflags);
				}
			}
			__eflags =  *_t81;
			if(__eflags == 0) {
				E00409E04(_v20, _t59, _t81, __eflags); // executed
			}
		} else {
			E00409D38(_v20, _t59, _t81, _v16, _t79, _t81, _t89);
		}
		_pop(_t72);
		 *[fs:eax] = _t72;
		_push(E00409FE4);
		return E00406FA8( &_v28, 6);
	} else {
		while( *((short*)(_v12 + _t59 * 2 - 2)) != 0x2e) {
			_t59 = _t59 - 1;
			__eflags = _t59;
			if(_t59 != 0) {
				continue;
			}
			goto L6;
		}
		E00407F5C(_v12, _t59, 1,  &_v20);
		goto L6;
	}
}

APIs
• GetUserDefaultUILanguage.KERNEL32(00000000,00409FDD,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040A066,00000000,?,00000105), ref: 00409F71
• GetSystemDefaultUILanguage.KERNEL32(00000000,00409FDD,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040A066,00000000,?,00000105), ref: 00409F99

Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd

Yara matches

Similarity
• API ID: DefaultLanguage$SystemUser
• String ID:
• API String ID: 384301227-0
• Opcode ID: e1a64b32d8c73f1235397de0fecc9c001fefab2956a3a070bd06624350d6620e
• Instruction ID: 3598bae12981bb2611c0776d053a57f4d0360bb7a151442cb3bb52969bcb3175
• Opcode Fuzzy Hash: e1a64b32d8c73f1235397de0fecc9c001fefab2956a3a070bd06624350d6620e
• Instruction Fuzzy Hash: A4314F70E1420A9FDB10EB95C881AAEB7B5EF44304F10857BE500F32D2D7B8AD41CB99

Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (graph image not included in this extract)

C-Code - Quality: 58%
E00409FEC(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
	char _v8;
	short _v530;
	char _v536;
	char _v540;
	void* _t44;
	intOrPtr _t45;
	void* _t49;
	void* _t52;

	_v536 = 0;
	_v540 = 0;
	_v8 = 0;
	_t49 = __eax;
	_push(_t52);
	_push(0x40a0a6);
	_push( *[fs:eax]);
	 *[fs:eax] = _t52 + 0xfffffde8;
	GetModuleFileNameW(0,  &_v530, 0x105);
	E00407C00( &_v536, _t49);
	_push(_v536);
	E00407C3C( &_v540, 0x105,  &_v530);
	_pop(_t44); // executed
	E00409ED0(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
	if(_v8 != 0) {
		LoadLibraryExW(E00407BA8(_v8), 0, 2);
	}
	_pop(_t45);
	 *[fs:eax] = _t45;
	_push(E0040A0AD);
	E00406FA8( &_v540, 2);
	return E00406F48( &_v8);
}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040A0A6,?,?,00000000), ref: 0040A028
                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040A0A6,?,?,00000000), ref: 0040A079
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileLibraryLoadModuleName
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1159719554-0
                                                                                                                                                • Opcode ID: 6df0284b3f21ac0b3a16c9a75c210fef337fdfed43d3ecd2e193fb38d22d4668
                                                                                                                                                • Instruction ID: ad2cfdc96b2da7b923a988944e41f1c63609f79036eb9cea3d4f4da3d94f04dd
                                                                                                                                                • Opcode Fuzzy Hash: 6df0284b3f21ac0b3a16c9a75c210fef337fdfed43d3ecd2e193fb38d22d4668
                                                                                                                                                • Instruction Fuzzy Hash: 93115171A4421C9BDB20EF60DD86BDEB3B8DB14304F5141BBF508B32D1DA785F858A9A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

• Control-flow graph rendering (blocks marked Executed / Not Executed) not reproduced in text
                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                			E004073A0(signed char __eax, void* __edx) {
                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                				signed char _v17;
                                                                                                                                                				void* _t6;
                                                                                                                                                				void* _t12;
                                                                                                                                                
                                                                                                                                                				_t5 = __eax;
                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                					L3:
                                                                                                                                                					_t12 =  *_t5;
                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                						 *_t5 = 0;
                                                                                                                                                						_push(_t5);
                                                                                                                                                						L004028FC(); // executed
                                                                                                                                                						_t6 = _t12;
                                                                                                                                                						return _t6;
                                                                                                                                                					}
                                                                                                                                                					return _t5;
                                                                                                                                                				} else {
                                                                                                                                                					__ecx =  *(__edx - 4);
                                                                                                                                                					__ecx =  *(__edx - 4) >> 1;
                                                                                                                                                					if(__ecx == 0) {
                                                                                                                                                						goto L3;
                                                                                                                                                					} else {
                                                                                                                                                						_push(__ecx);
                                                                                                                                                						_push(__edx);
                                                                                                                                                						_push(__eax); // executed
                                                                                                                                                						L004028F4(); // executed
                                                                                                                                                						if(__eax == 0) {
                                                                                                                                                							_v17 = __eax;
                                                                                                                                                							return E004045BC(_v17 & 0x000000ff, _v12);
                                                                                                                                                						} else {
                                                                                                                                                							return __eax;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00406F9E
                                                                                                                                                • SysReAllocStringLen.OLEAUT32(?,?,?), ref: 004073B6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                • Opcode ID: feb13993c9ff4b3eeb94c7d43c4c0a5d557b848b01bfa8496a933ed181b3452e
                                                                                                                                                • Instruction ID: 901812de00d968f65791904df4be351538c430c95a4ba65e6484f0353d3ee508
                                                                                                                                                • Opcode Fuzzy Hash: feb13993c9ff4b3eeb94c7d43c4c0a5d557b848b01bfa8496a933ed181b3452e
                                                                                                                                                • Instruction Fuzzy Hash: 0ED012F85002025DEA54AA159905B372769AFC1704B6AC67F74027B2D8DF7DAC11A638
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

• Control-flow graph rendering (blocks marked Executed / Not Executed) not reproduced in text
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004043B0() {
                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                				intOrPtr* _t14;
                                                                                                                                                				int _t18;
                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                				void* _t25;
                                                                                                                                                				void* _t26;
                                                                                                                                                				void* _t28;
                                                                                                                                                				void* _t31;
                                                                                                                                                
                                                                                                                                                				_t28 =  *0x0045AA5C;
                                                                                                                                                				while(_t28 != 0x45aa58) {
                                                                                                                                                					_t2 = _t28 + 4; // 0x45aa58
                                                                                                                                                					VirtualFree(_t28, 0, 0x8000); // executed
                                                                                                                                                					_t28 =  *_t2;
                                                                                                                                                				}
                                                                                                                                                				_t25 = 0x37;
                                                                                                                                                				_t13 = 0x458074;
                                                                                                                                                				do {
                                                                                                                                                					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
                                                                                                                                                					 *((intOrPtr*)(_t13 + 8)) = _t13;
                                                                                                                                                					 *((intOrPtr*)(_t13 + 0x10)) = 1;
                                                                                                                                                					 *((intOrPtr*)(_t13 + 0x14)) = 0;
                                                                                                                                                					_t13 = _t13 + 0x20;
                                                                                                                                                					_t25 = _t25 - 1;
                                                                                                                                                				} while (_t25 != 0);
                                                                                                                                                				 *0x45aa58 = 0x45aa58;
                                                                                                                                                				 *0x0045AA5C = 0x45aa58;
                                                                                                                                                				_t26 = 0x400;
                                                                                                                                                				_t23 = 0x45aaf8;
                                                                                                                                                				do {
                                                                                                                                                					_t14 = _t23;
                                                                                                                                                					 *_t14 = _t14;
                                                                                                                                                					_t8 = _t14 + 4; // 0x45aaf8
                                                                                                                                                					 *_t8 = _t14;
                                                                                                                                                					_t23 = _t23 + 8;
                                                                                                                                                					_t26 = _t26 - 1;
                                                                                                                                                				} while (_t26 != 0);
                                                                                                                                                				 *0x45aa74 = 0;
                                                                                                                                                				E00404DB4(0x45aa78, 0x80);
                                                                                                                                                				_t18 = 0;
                                                                                                                                                				 *0x45aa70 = 0;
                                                                                                                                                				_t31 =  *0x0045CB00;
                                                                                                                                                				while(_t31 != 0x45cafc) {
                                                                                                                                                					_t10 = _t31 + 4; // 0x45cafc
                                                                                                                                                					_t18 = VirtualFree(_t31, 0, 0x8000);
                                                                                                                                                					_t31 =  *_t10;
                                                                                                                                                				}
                                                                                                                                                				 *0x45cafc = 0x45cafc;
                                                                                                                                                				 *0x0045CB00 = 0x45cafc;
                                                                                                                                                				return _t18;
                                                                                                                                                 			}

                                                                                                                                                APIs
                                                                                                                                                • VirtualFree.KERNEL32(0045AA58,00000000,00008000), ref: 004043CE
                                                                                                                                                • VirtualFree.KERNEL32(0045CAFC,00000000,00008000), ref: 0040444A
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                • Opcode ID: 8d2994ec39eb40cc39d4c7ccecf803636bb7a6a7001b0fc23884896d2fb43ef3
                                                                                                                                                • Instruction ID: 3d3c5bbee805edfab7e0d138dcc467b03b5a262a2aaf075a23b4cee3cae91e6f
                                                                                                                                                • Opcode Fuzzy Hash: 8d2994ec39eb40cc39d4c7ccecf803636bb7a6a7001b0fc23884896d2fb43ef3
                                                                                                                                                • Instruction Fuzzy Hash: DC11B2B17002108FC7648F188940B167AD0EB88710F11C17FEA49EB392DB78EC11CB8C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                 Control-flow Graph (rendered graph; legend: Executed / Not Executed)
                                                                                                                                                 • Block 40b41a-40b464: call 4048fc, CreateWindowExW, call 4048ec; edge to block 40b469-40b470
                                                                                                                                                APIs
                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B45B
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 716092398-0
                                                                                                                                                • Opcode ID: ab068e6a14e2c8ea8f4ce41aac0a214f8f62bce815132915536ade01f0905f44
                                                                                                                                                • Instruction ID: 8bffa950da6ccf8e9d68115b3a6ee38b3c6b7003a5f786c7cfb0dde57d8959c8
                                                                                                                                                • Opcode Fuzzy Hash: ab068e6a14e2c8ea8f4ce41aac0a214f8f62bce815132915536ade01f0905f44
                                                                                                                                                • Instruction Fuzzy Hash: 2BF074B6700158BF9B40DE9DDC81D9B77ECEB8C264B054529BA08D3201D634ED108BB4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00408DC6
                                                                                                                                                  • Part of subcall function 00409FEC: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040A0A6,?,?,00000000), ref: 0040A028
                                                                                                                                                  • Part of subcall function 00409FEC: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040A0A6,?,?,00000000), ref: 0040A079
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileModuleName$LibraryLoad
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4113206344-0
                                                                                                                                                • Opcode ID: a4f943427d6c15ff19a55d6586e8759d67d6134fb03fea4ad23bbb802e798a21
                                                                                                                                                • Instruction ID: 2b3792a4b1dc60e46a66f7ef244482b2543de5494b205b85215521d4bfe0cd67
                                                                                                                                                • Opcode Fuzzy Hash: a4f943427d6c15ff19a55d6586e8759d67d6134fb03fea4ad23bbb802e798a21
                                                                                                                                                • Instruction Fuzzy Hash: B2E03971A003108BCB14EE58C9C5A563398AF08714F044666BC54DF3C6D374CD1087D5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • SysAllocStringLen.OLEAUT32(?,?), ref: 0040705A
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2525500382-0
                                                                                                                                                • Opcode ID: 16babeede66944311f6e0df2b414e5d3b47cea53d27240e4525f174b2cd611bf
                                                                                                                                                • Instruction ID: 521c1b5f768b699ab125e90a01b1e4ab36393b7829fdf46fa2c319fda676c47c
                                                                                                                                                • Opcode Fuzzy Hash: 16babeede66944311f6e0df2b414e5d3b47cea53d27240e4525f174b2cd611bf
                                                                                                                                                • Instruction Fuzzy Hash: 54D022F42001034ED744AE28E85083B776A6BC2300324C37FA002BF3C4EB39D801EB24
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0040701B
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3341692771-0
                                                                                                                                                • Opcode ID: 4cf0a83ff36956a515eac7eb73c08a37bd4d852cd297a7e06ceb0178c6838f5a
                                                                                                                                                • Instruction ID: f77538cef8f84c1bd5edb082dd2576eeb3805c9f22ead7ab868353bef42dccd9
                                                                                                                                                • Opcode Fuzzy Hash: 4cf0a83ff36956a515eac7eb73c08a37bd4d852cd297a7e06ceb0178c6838f5a
                                                                                                                                                • Instruction Fuzzy Hash: 47C012B2A5032007FB71A6599CC075362CC9B09364F1401B3A504F7380E2B8EC005295
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00406F9E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3341692771-0
                                                                                                                                                • Opcode ID: 471d2ff2594150b78ca6c9d41656be4253a4a1085d03196ac1dbf8d1541dd155
                                                                                                                                                • Instruction ID: 89bf236701077f683077845decda5aadd05ea4a3446af6ed9eb91949d41ba639
                                                                                                                                                • Opcode Fuzzy Hash: 471d2ff2594150b78ca6c9d41656be4253a4a1085d03196ac1dbf8d1541dd155
                                                                                                                                                • Instruction Fuzzy Hash: 3CB092F91012015EEA50AB15A940B23336AAFC1710F39C5AAB400AB1A8CBBC9800A628
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                • Opcode ID: 061f33c74fbd3a8d12d99ac730462816d9650d909b5116e36f914e29ba85aaf6
                                                                                                                                                • Instruction ID: d6bccd244c40ba3431a3becacedfdf5b7a54d22225aaa3a95c66c6ebb6932839
                                                                                                                                                • Opcode Fuzzy Hash: 061f33c74fbd3a8d12d99ac730462816d9650d909b5116e36f914e29ba85aaf6
                                                                                                                                                • Instruction Fuzzy Hash: 6FA0121480C4001AC808F7194D4340B32801940214FC40324745CA52C2E62985A843DB
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004), ref: 00402D56
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                • Opcode ID: 024d5869aee8cc5e0066f59b7bbe62c916f8b3e72f1fb50b144aeac3fa107d94
                                                                                                                                                • Instruction ID: 7207d1b74ac269641ab438553269f1b09c707aea7dad436dca93dc9b85709a22
                                                                                                                                                • Opcode Fuzzy Hash: 024d5869aee8cc5e0066f59b7bbe62c916f8b3e72f1fb50b144aeac3fa107d94
                                                                                                                                                • Instruction Fuzzy Hash: A1F04FF1B013004BEB088F798E457067AD1A789305F10823EE509EB7D9D7748816CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 00402E20
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                • Opcode ID: b79692297b5bf3f8c0cdbdd34c1567a956225141c18b667eea4df64c00c8653b
                                                                                                                                                • Instruction ID: dc0fed2b55bf8e47ea98f1396532cc0d907e2004168205748f31cb656931c14a
                                                                                                                                                • Opcode Fuzzy Hash: b79692297b5bf3f8c0cdbdd34c1567a956225141c18b667eea4df64c00c8653b
                                                                                                                                                • Instruction Fuzzy Hash: 27F0B4B6A007556FD3219F5AACC4B46BB94FB01715F41413AF948B7381D7B4AC00C7D8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Non-executed Functions

C-Code - Quality: 78%
E00409708(WCHAR* __eax, int __edx) {
	WCHAR* _v8;
	int _v12;
	WCHAR* _v16;
	void* _v20;
	struct _WIN32_FIND_DATAW _v612;
	short _v1134;
	signed int _t50;
	signed int _t51;
	signed int _t56;
	signed int _t57;
	signed int _t101;
	signed int _t102;
	intOrPtr* _t103;
	WCHAR* _t110;
	struct HINSTANCE__* _t111;
	WCHAR* _t113;
	short* _t114;
	void* _t115;

	_v12 = __edx;
	_v8 = __eax;
	_v16 = _v8;
	_t111 = GetModuleHandleW(L"kernel32.dll");
	if(_t111 == 0) {
		L4:
		if( *_v8 != 0x5c) {
			_t113 =  &(_v8[2]);
			goto L10;
		} else {
			if(_v8[1] == 0x5c) {
				_t114 = E004096E4( &(_v8[2]));
				if( *_t114 != 0) {
					_t14 = _t114 + 2; // 0x2
					_t113 = E004096E4(_t14);
					if( *_t113 != 0) {
						L10:
						_t101 = _t113 - _v8;
						_t102 = _t101 >> 1;
						if(_t101 < 0) {
							asm("adc ebx, 0x0");
						}
						lstrcpynW( &_v1134, _v8, _t102 + 1);
						while( *_t113 != 0) {
							_t110 = E004096E4( &(_t113[1]));
							_t50 = _t110 - _t113;
							_t51 = _t50 >> 1;
							if(_t50 < 0) {
								asm("adc eax, 0x0");
							}
							if(_t51 + _t102 + 1 <= 0x105) {
								_t56 = _t110 - _t113;
								_t57 = _t56 >> 1;
								if(_t56 < 0) {
									asm("adc eax, 0x0");
								}
								lstrcpynW( &_v1134 + _t102 + _t102, _t113, _t57 + 1);
								_v20 = FindFirstFileW( &_v1134,  &_v612);
								if(_v20 != 0xffffffff) {
									FindClose(_v20);
									if(lstrlenW( &(_v612.cFileName)) + _t102 + 1 + 1 <= 0x105) {
										 *((short*)(_t115 + _t102 * 2 - 0x46a)) = 0x5c;
										lstrcpynW( &(( &_v1134 + _t102 + _t102)[1]),  &(_v612.cFileName), 0x105 - _t102 - 1);
										_t102 = _t102 + lstrlenW( &(_v612.cFileName)) + 1;
										_t113 = _t110;
										continue;
									}
								}
							}
							goto L23;
						}
						lstrcpynW(_v8,  &_v1134, _v12);
					}
				}
			}
		}
	} else {
                                                                                                                                                					_t103 = GetProcAddress(_t111, "GetLongPathNameW");
                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                						goto L4;
                                                                                                                                                					} else {
                                                                                                                                                						_push(0x105);
                                                                                                                                                						_push( &_v1134);
                                                                                                                                                						_push(_v8);
                                                                                                                                                						if( *_t103() == 0) {
                                                                                                                                                							goto L4;
                                                                                                                                                						} else {
                                                                                                                                                							lstrcpynW(_v8,  &_v1134, _v12);
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L23:
                                                                                                                                                				return _v16;
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 00409725
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 00409736
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?,?,?,?), ref: 00409766
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 004097D5
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 0040981D
                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 00409830
                                                                                                                                                • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 00409846
                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 00409852
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?), ref: 0040988E
                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 0040989A
                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 004098BD
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                                • API String ID: 3245196872-3908791685
                                                                                                                                                • Opcode ID: ccb63d4510d81ad6662cdb73e39ee66b20d823d4fc0582c4e8ab57075e3b5641
                                                                                                                                                • Instruction ID: d8b81b4d9d92e47e217235aa57dc772448e112e3b730a3cfe8015ecd17f718d2
                                                                                                                                                • Opcode Fuzzy Hash: ccb63d4510d81ad6662cdb73e39ee66b20d823d4fc0582c4e8ab57075e3b5641
                                                                                                                                                • Instruction Fuzzy Hash: AE5182B2E10119ABCB10EEA8CD85ADEB3B8AF05310F1445B7A554F72C2E778DE44CB58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00404A90(void** __eax, void* __ecx) {
                                                                                                                                                				long _v16;
                                                                                                                                                				void* _t40;
                                                                                                                                                				long _t41;
                                                                                                                                                				void* _t43;
                                                                                                                                                				void* _t47;
                                                                                                                                                				void** _t63;
                                                                                                                                                				void* _t84;
                                                                                                                                                				void** _t86;
                                                                                                                                                				long _t88;
                                                                                                                                                				void* _t91;
                                                                                                                                                				void* _t92;
                                                                                                                                                				long _t93;
                                                                                                                                                				long _t94;
                                                                                                                                                				void* _t95;
                                                                                                                                                				long _t96;
                                                                                                                                                				long _t97;
                                                                                                                                                
                                                                                                                                                				_t86 = __eax;
                                                                                                                                                				_t97 = 0;
                                                                                                                                                				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                                                                                                                				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                                                                                                                				_t40 = ( *(__eax + 4) & 0x0000ffff) - 0xd7b1;
                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                					_t41 = 0x80000000;
                                                                                                                                                					_t88 = 3;
                                                                                                                                                					 *((intOrPtr*)(__eax + 0x1c)) = 0x4049c8;
                                                                                                                                                					L7:
                                                                                                                                                					_t86[8] = E00404A04;
                                                                                                                                                					if(_t86[0x12] != 0) {
                                                                                                                                                						_t86[9] = E00404A58;
                                                                                                                                                						_t43 = CreateFileW( &(_t86[0x12]), _t41, 1, 0, _t88, 0x80, 0);
                                                                                                                                                						if(_t43 != 0xffffffff) {
                                                                                                                                                							 *_t86 = _t43;
                                                                                                                                                							if(_t86[1] != 0xd7b3) {
                                                                                                                                                								L41:
                                                                                                                                                								if(_t86[0xb4] == 0) {
                                                                                                                                                									_t86[0xb4] =  *0x45a8fc & 0x0000ffff;
								}
								goto L43;
							}
							_t86[1] = 0xd7b2;
							_t93 = GetFileSize( *_t86, 0);
							if(_t93 != 0xffffffff) {
								_t94 = _t93 - 0x80;
								if(_t94 < 0) {
									_t94 = 0;
								}
								if(SetFilePointer( *_t86, _t94, 0, 0) + 1 == 0 || ReadFile( *_t86,  &(_t86[0x94]), 0x80,  &_v16, 0) == 0) {
									_t97 = E00404A78(_t86);
									goto L49;
								} else {
									if((_t86[1] & 0x00000001) == 0 || _v16 <= 0) {
										goto L41;
									} else {
										_t91 = _v16 - 1;
										if(_t91 < 0) {
											goto L41;
										}
										_t92 = _t91 + 1;
										_t95 = 0;
										_t63 =  &(_t86[0x94]);
										while( *_t63 != 0x1a) {
											_t95 = _t95 + 1;
											_t63 =  &(_t63[0]);
											_t92 = _t92 - 1;
											if(_t92 != 0) {
												continue;
											}
											goto L41;
										}
										if(SetFilePointer( *_t86, _t95 - _v16, 0, 2) + 1 == 0 || SetEndOfFile( *_t86) == 0) {
											_t97 = E00404A78(_t86);
											goto L49;
										} else {
											goto L41;
										}
									}
								}
							}
							_t97 = E00404A78(_t86);
							goto L49;
						}
						_t86[1] = 0xd7b0;
						_t97 = GetLastError();
						goto L49;
					} else {
						if(_t86[5] == 0) {
							_t86[5] =  &(_t86[0x94]);
							_t86[2] = 0x80;
						}
						_t86[9] = E00404A04;
						if(_t86[1] != 0xd7b2) {
							 *_t86 = GetStdHandle(0xfffffff6);
						} else {
							if(_t86 != 0x45a61c) {
								_t96 = 0xfffffff5;
							} else {
								_t96 = 0xfffffff4;
							}
							 *_t86 = GetStdHandle(_t96);
						}
						if(_t86[0xb4] == 0) {
							if(GetFileType( *_t86) != 2) {
								_t86[0xb4] =  *0x45a8fc & 0x0000ffff;
							} else {
								if(_t86[1] != 0xd7b2) {
									_t86[0xb4] = GetConsoleCP();
								} else {
									_t86[0xb4] = GetConsoleOutputCP();
								}
							}
						}
						L43:
						if(_t86[1] != 0xd7b1) {
							_t47 = GetFileType( *_t86) - 1;
							if(_t47 < 0) {
								E00404A78(_t86);
								_t97 = 0x69;
							} else {
								if(_t47 == 1) {
									_t86[8] = E00404A08;
								}
							}
						}
						L49:
						return _t97;
					}
				}
				_t84 = _t40 - 1;
				if(_t84 == 0) {
					_t41 = 0x40000000;
					_t88 = 2;
					 *((intOrPtr*)(__eax + 0x1c)) = E00404A08;
					goto L7;
				}
				if(_t84 == 1) {
					_t41 = 0xc0000000;
					_t88 = 3;
					 *((intOrPtr*)(__eax + 0x1c)) = E00404A08;
					goto L7;
				} else {
					goto L49;
				}
			}
0x00404a94
0x00404a96
0x00404a9a
0x00404a9f
0x00404aa6
0x00404aaa
0x00404abb
0x00404ac0
0x00404ac5
0x00404af2
0x00404af2
0x00404afe
0x00404ba8
0x00404bc0
0x00404bc8
0x00404bdc
0x00404be4
0x00404cac
0x00404cb4
0x00404cbd
0x00404cbd
0x00000000
0x00404cb4
0x00404bea
0x00404bfa
0x00404bff
0x00404c0f
0x00404c17
0x00404c19
0x00404c19
0x00404c29
0x00404c51
0x00000000
0x00404c58
0x00404c5c
0x00000000
0x00404c64
0x00404c67
0x00404c6a
0x00000000
0x00000000
0x00404c6c
0x00404c6d
0x00404c6f
0x00404c75
0x00404ca7
0x00404ca8
0x00404ca9
0x00404caa
0x00000000
0x00000000
0x00000000
0x00404caa
0x00404c8e
0x00404ca3
0x00000000
0x00000000
0x00000000
0x00000000
0x00404c8e
0x00404c5c
0x00404c29
0x00404c08
0x00000000
0x00404c08
0x00404bca
0x00404bd5
0x00000000
0x00404b04
0x00404b08
0x00404b10
0x00404b13
0x00404b13
0x00404b1a
0x00404b27
0x00404b4e
0x00404b29
0x00404b2f
0x00404b38
0x00404b31
0x00404b31
0x00404b31
0x00404b43
0x00404b43
0x00404b58
0x00404b69
0x00404b9c
0x00404b6b
0x00404b71
0x00404b89
0x00404b73
0x00404b78
0x00404b78
0x00404b71
0x00404b69
0x00404cc4
0x00404cca
0x00404cd4
0x00404cd7
0x00404ce0
0x00404ce5
0x00404cd9
0x00404cda
0x00404cec
0x00404cec
0x00404cda
0x00404cd7
0x00404cf3
0x00404cf9
0x00404cf9
0x00404afe
0x00404aac
0x00404aaf
0x00404ace
0x00404ad3
0x00404ad8
0x00000000
0x00404ad8
                                                                                                                                                0x00404ab4
                                                                                                                                                0x00404ae1
                                                                                                                                                0x00404ae6
                                                                                                                                                0x00404aeb
                                                                                                                                                0x00000000
                                                                                                                                                0x00404ab6
                                                                                                                                                0x00000000
                                                                                                                                                0x00404ab6

APIs
• GetStdHandle.KERNEL32(FFFFFFF5), ref: 00404B3E
• GetStdHandle.KERNEL32(000000F6), ref: 00404B49
• GetFileType.KERNEL32(00000000), ref: 00404B61
• GetConsoleOutputCP.KERNEL32(00000000), ref: 00404B73
• GetConsoleCP.KERNEL32(00000000), ref: 00404B84
• GetFileType.KERNEL32(00000000), ref: 00404CCF
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: ConsoleFileHandleType$Output
• String ID:
• API String ID: 393880136-0
• Opcode ID: e3141ae4794dbc23e1ed0a4f525c76de6ecc5874af5ba3a129f266a72dba5418
• Instruction ID: 9b11e073988baa7b901c01109213c0b6e2663ad461211557b3a688b5ec612b7a
• Opcode Fuzzy Hash: e3141ae4794dbc23e1ed0a4f525c76de6ecc5874af5ba3a129f266a72dba5418
• Instruction Fuzzy Hash: 8951D7F060524096EF20EF65898872636A4ABC5314F16867BEE05BF2D6D3BCCC41976E
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 59%
E004095C4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
	char _v8;
	void* _t17;
	signed short _t27;
	intOrPtr _t32;
	intOrPtr _t44;

	_t39 = __edi;
	_push(0);
	_push(__ebx);
	_push(__esi);
	_t41 = __edx;
	_t27 = __eax;
	_push(_t44);
	_push(0x4096c7);
	_push( *[fs:eax]);
	 *[fs:eax] = _t44;
	_push(0x45cb88);
	L004027BC();
	if(__eax !=  *0x45cba0) {
		_push(0x45cb88);
		L004027C4();
		E00406F48(__edx);
		if(IsValidLocale(_t27 & 0x0000ffff, 2) != 0) {
			if( *0x45cb84 == 0) {
				_t17 = E004092AC(_t27, _t27, _t41, __edi, _t41);
				L0040287C();
				if(_t27 != _t17) {
					if( *_t41 != 0) {
						_t17 = E00407D94(_t41, E004096E0);
					}
					L0040287C();
					E004092AC(_t17, _t27,  &_v8, _t39, _t41);
					E00407D94(_t41, _v8);
				}
			} else {
				E004094A8(_t27, _t41);
			}
		}
		_push(0x45cb88);
		L004027BC();
		 *0x45cba0 = _t27;
		lstrcpynW(L"en-US,en,", E00407BA8( *_t41), 0xaa);
		_push(0x45cb88);
		L004027C4();
	} else {
		E00407C3C(__edx, 0x55, L"en-US,en,");
		_push(0x45cb88);
		L004027C4();
	}
	_pop(_t32);
	 *[fs:eax] = _t32;
	_push(E004096CE);
	return E00406F48( &_v8);
}

Instruction addresses (decompiler address column, in listing order): 0x004095c4 0x004095c7 0x004095c9 0x004095ca 0x004095cb 0x004095cd 0x004095d1 0x004095d2 0x004095d7 0x004095da 0x004095dd 0x004095e2 0x004095ee 0x00409610 0x00409615 0x0040961c 0x0040962e 0x00409637 0x00409648 0x0040964d 0x00409655 0x0040965a 0x00409663 0x00409663 0x00409668 0x00409670 0x0040967a 0x0040967a 0x00409639 0x0040963d 0x0040963d 0x00409637 0x0040967f 0x00409684 0x00409689 0x004096a2 0x004096a7 0x004096ac 0x004095f0 0x004095fc 0x00409601 0x00409606 0x00409606 0x004096b3 0x004096b6 0x004096b9 0x004096c6

APIs
• RtlEnterCriticalSection.NTDLL(0045CB88), ref: 004095E2
• RtlLeaveCriticalSection.NTDLL(0045CB88), ref: 00409606
• RtlLeaveCriticalSection.NTDLL(0045CB88), ref: 00409615
• IsValidLocale.KERNEL32(00000000,00000002,0045CB88,0045CB88,00000000,004096C7,?,?,?,00000000,?,00409F7E,00000000,00409FDD), ref: 00409627
• RtlEnterCriticalSection.NTDLL(0045CB88), ref: 00409684
• lstrcpynW.KERNEL32(en-US,en,,00000000,000000AA,0045CB88,00000000,00000002,0045CB88,0045CB88,00000000,004096C7,?,?,?,00000000,?,00409F7E), ref: 004096A2
• RtlLeaveCriticalSection.NTDLL(0045CB88), ref: 004096AC
Strings
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: CriticalSection$Leave$Enter$LocaleValidlstrcpyn
• String ID: en-US,en,
• API String ID: 1058953229-3579323720
• Opcode ID: 58668feda9753c0b78899ffd5d5b358cc16d236fa6557afa219fb05d9e8e63aa
• Instruction ID: e691f586027c4948590b9189270a4bcac96f8322a1b778a44ed6bfc63ae68420
• Opcode Fuzzy Hash: 58668feda9753c0b78899ffd5d5b358cc16d236fa6557afa219fb05d9e8e63aa
• Instruction Fuzzy Hash: CE2166247543046FD611B7B69D57B2A31589F44B19F60487FB440B72D3CABEAC01C66E
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                			E0040AAB9(void* __eflags) {
                                                                                                                                                				signed int _t104;
                                                                                                                                                				signed int _t106;
                                                                                                                                                				signed int _t108;
                                                                                                                                                				_Unknown_base(*)()* _t110;
                                                                                                                                                				long _t113;
                                                                                                                                                				intOrPtr* _t119;
                                                                                                                                                				void* _t124;
                                                                                                                                                				void _t126;
                                                                                                                                                				long _t128;
                                                                                                                                                				struct HINSTANCE__* _t141;
                                                                                                                                                				long _t166;
                                                                                                                                                				signed int* _t191;
                                                                                                                                                				_Unknown_base(*)()* _t192;
                                                                                                                                                				void* _t197;
                                                                                                                                                				intOrPtr _t199;
                                                                                                                                                				void* _t201;
                                                                                                                                                				void* _t203;
                                                                                                                                                
                                                                                                                                                				_t201 = _t203;
                                                                                                                                                				_push( *((intOrPtr*)(_t201 + 8)));
                                                                                                                                                				memcpy(_t201 - 0x34, 0x458c30, 8 << 2);
                                                                                                                                                				_pop(_t197);
                                                                                                                                                				 *(_t201 - 0x34) =  *0x458c30;
                                                                                                                                                				 *(_t201 - 0x30) = E0040AF68( *0x00458C34);
                                                                                                                                                				 *(_t201 - 0x2c) = E0040AF78( *0x00458C38);
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x28)) = E0040AF88( *0x00458C3C);
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x24)) = E0040AF98( *0x00458C40);
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x20)) = E0040AF98( *0x00458C44);
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x1c)) = E0040AF98( *0x00458C48);
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x18)) =  *0x00458C4C;
                                                                                                                                                				memcpy(_t201 - 0x58, 0x458c50, 9 << 2);
                                                                                                                                                				_t199 = _t197;
                                                                                                                                                				 *(_t201 - 0x54) = 0x458c50;
                                                                                                                                                				 *((intOrPtr*)(_t201 - 0x50)) =  *((intOrPtr*)(_t201 + 0xc));
                                                                                                                                                				 *(_t201 - 0x4c) =  *(_t201 - 0x30);
                                                                                                                                                				if(( *(_t201 - 0x34) & 0x00000001) != 0) {
                                                                                                                                                					_t104 =  *((intOrPtr*)(_t201 + 0xc)) -  *((intOrPtr*)(_t201 - 0x28));
                                                                                                                                                					_t141 =  *( *(_t201 - 0x2c));
                                                                                                                                                					if(_t104 < 0) {
                                                                                                                                                						_t104 = _t104 + 3;
                                                                                                                                                					}
                                                                                                                                                					 *(_t201 - 8) = _t104 >> 2;
                                                                                                                                                					_t106 =  *(_t201 - 8);
                                                                                                                                                					_t191 = (_t106 << 2) +  *((intOrPtr*)(_t201 - 0x24));
                                                                                                                                                					_t108 = (_t106 & 0xffffff00 | (_t191[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                                                                                                                					 *(_t201 - 0x48) = _t108;
                                                                                                                                                					if(_t108 == 0) {
                                                                                                                                                						 *(_t201 - 0x44) =  *_t191 & 0x0000ffff;
                                                                                                                                                					} else {
                                                                                                                                                						 *(_t201 - 0x44) = E0040AFA8( *_t191) + 2;
                                                                                                                                                					}
                                                                                                                                                					_t192 = 0;
                                                                                                                                                					if( *0x45cc58 == 0) {
                                                                                                                                                						L10:
                                                                                                                                                						if(_t141 != 0) {
                                                                                                                                                							L25:
                                                                                                                                                							 *(_t201 - 0x40) = _t141;
                                                                                                                                                							if( *0x45cc58 != 0) {
                                                                                                                                                								_t192 =  *0x45cc58(2, _t201 - 0x58);
                                                                                                                                                							}
                                                                                                                                                							if(_t192 != 0) {
                                                                                                                                                								L36:
                                                                                                                                                								if(_t192 == 0) {
                                                                                                                                                									 *((intOrPtr*)(_t201 - 0x38)) = GetLastError();
                                                                                                                                                									if( *0x45cc5c != 0) {
                                                                                                                                                										_t192 =  *0x45cc5c(4, _t201 - 0x58);
                                                                                                                                                									}
                                                                                                                                                									if(_t192 == 0) {
                                                                                                                                                										_t113 =  *0x458c7c; // 0x0
                                                                                                                                                										 *(_t201 - 0x14) = _t113;
                                                                                                                                                										 *(_t201 - 0x14) = _t201 - 0x58;
                                                                                                                                                										RaiseException(0xc06d007f, 0, 1, _t201 - 0x14);
                                                                                                                                                										_t192 =  *((intOrPtr*)(_t201 - 0x3c));
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L41;
                                                                                                                                                							} else {
                                                                                                                                                								if( *((intOrPtr*)(_t199 + 0x14)) == 0 ||  *((intOrPtr*)(_t199 + 0x1c)) == 0) {
                                                                                                                                                									L35:
                                                                                                                                                									_t192 = GetProcAddress(_t141,  *(_t201 - 0x44));
                                                                                                                                                									goto L36;
                                                                                                                                                								} else {
                                                                                                                                                									_t119 =  *((intOrPtr*)(_t141 + 0x3c)) + _t141;
                                                                                                                                                									if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) !=  *((intOrPtr*)(_t201 - 0x18)) || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t141) & 0x00000001) == 0) {
                                                                                                                                                										goto L35;
                                                                                                                                                									} else {
                                                                                                                                                										_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t201 - 0x20)) +  *(_t201 - 8) * 4));
                                                                                                                                                										if(_t192 == 0) {
                                                                                                                                                											goto L35;
                                                                                                                                                										}
                                                                                                                                                										L41:
                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xc)))) = _t192;
                                                                                                                                                										goto L42;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						if( *0x45cc58 != 0) {
                                                                                                                                                							_t141 =  *0x45cc58(1, _t201 - 0x58);
                                                                                                                                                						}
                                                                                                                                                						if(_t141 == 0) {
                                                                                                                                                							_t141 = LoadLibraryA( *(_t201 - 0x4c));
                                                                                                                                                						}
                                                                                                                                                						if(_t141 != 0) {
                                                                                                                                                							L20:
                                                                                                                                                							if(_t141 == E0040A960( *(_t201 - 0x2c), _t141)) {
                                                                                                                                                								FreeLibrary(_t141);
                                                                                                                                                							} else {
                                                                                                                                                								if( *((intOrPtr*)(_t199 + 0x18)) != 0) {
                                                                                                                                                									_t124 = LocalAlloc(0x40, 8);
                                                                                                                                                									 *(_t201 - 0x10) = _t124;
                                                                                                                                                									if(_t124 != 0) {
                                                                                                                                                										 *((intOrPtr*)( *(_t201 - 0x10) + 4)) = _t199;
                                                                                                                                                										_t126 =  *0x458c2c; // 0x0
                                                                                                                                                										 *( *(_t201 - 0x10)) = _t126;
                                                                                                                                                										 *0x458c2c =  *(_t201 - 0x10);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							goto L25;
                                                                                                                                                						} else {
                                                                                                                                                							 *((intOrPtr*)(_t201 - 0x38)) = GetLastError();
                                                                                                                                                							if( *0x45cc5c != 0) {
                                                                                                                                                								_t141 =  *0x45cc5c(3, _t201 - 0x58);
                                                                                                                                                							}
                                                                                                                                                							if(_t141 != 0) {
                                                                                                                                                								goto L20;
                                                                                                                                                							} else {
                                                                                                                                                								_t128 =  *0x458c78; // 0x0
                                                                                                                                                								 *(_t201 - 0xc) = _t128;
                                                                                                                                                								 *(_t201 - 0xc) = _t201 - 0x58;
                                                                                                                                                								RaiseException(0xc06d007e, 0, 1, _t201 - 0xc);
                                                                                                                                                								_t110 =  *((intOrPtr*)(_t201 - 0x3c));
                                                                                                                                                								goto L45;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t192 =  *0x45cc58(0, _t201 - 0x58);
                                                                                                                                                						if(_t192 == 0) {
                                                                                                                                                							goto L10;
                                                                                                                                                						} else {
                                                                                                                                                							L42:
                                                                                                                                                							if( *0x45cc58 != 0) {
                                                                                                                                                								 *((intOrPtr*)(_t201 - 0x38)) = 0;
                                                                                                                                                								 *(_t201 - 0x40) = _t141;
                                                                                                                                                								 *((intOrPtr*)(_t201 - 0x3c)) = _t192;
                                                                                                                                                								 *0x45cc58(5, _t201 - 0x58);
                                                                                                                                                							}
                                                                                                                                                							_t110 = _t192;
                                                                                                                                                							goto L45;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_t166 =  *0x458c74; // 0x0
                                                                                                                                                					 *(_t201 - 4) = _t166;
                                                                                                                                                					 *(_t201 - 4) = _t201 - 0x58;
                                                                                                                                                					RaiseException(0xc06d0057, 0, 1, _t201 - 4);
                                                                                                                                                					_t110 = 0;
                                                                                                                                                					L45:
                                                                                                                                                					return _t110;
                                                                                                                                                				}
                                                                                                                                                			}

                                                                                                                                                0x0040abee
                                                                                                                                                0x0040abf0
                                                                                                                                                0x0040acb2
                                                                                                                                                0x0040acb2
                                                                                                                                                0x0040acbc
                                                                                                                                                0x0040acca
                                                                                                                                                0x0040acca
                                                                                                                                                0x0040acce
                                                                                                                                                0x0040ad1b
                                                                                                                                                0x0040ad1d
                                                                                                                                                0x0040ad24
                                                                                                                                                0x0040ad2e
                                                                                                                                                0x0040ad3c
                                                                                                                                                0x0040ad3c
                                                                                                                                                0x0040ad40
                                                                                                                                                0x0040ad42
                                                                                                                                                0x0040ad47
                                                                                                                                                0x0040ad4d
                                                                                                                                                0x0040ad5d
                                                                                                                                                0x0040ad62
                                                                                                                                                0x0040ad62
                                                                                                                                                0x0040ad40
                                                                                                                                                0x00000000
                                                                                                                                                0x0040acd0
                                                                                                                                                0x0040acd4
                                                                                                                                                0x0040ad0f
                                                                                                                                                0x0040ad19
                                                                                                                                                0x00000000
                                                                                                                                                0x0040acdc
                                                                                                                                                0x0040acdf
                                                                                                                                                0x0040ace7
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ad00
                                                                                                                                                0x0040ad06
                                                                                                                                                0x0040ad0b
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ad65
                                                                                                                                                0x0040ad68
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ad68
                                                                                                                                                0x0040ace7
                                                                                                                                                0x0040acd4
                                                                                                                                                0x0040acce
                                                                                                                                                0x0040abfd
                                                                                                                                                0x0040ac0b
                                                                                                                                                0x0040ac0b
                                                                                                                                                0x0040ac0f
                                                                                                                                                0x0040ac1a
                                                                                                                                                0x0040ac1a
                                                                                                                                                0x0040ac1e
                                                                                                                                                0x0040ac6b
                                                                                                                                                0x0040ac77
                                                                                                                                                0x0040acad
                                                                                                                                                0x0040ac79
                                                                                                                                                0x0040ac7d
                                                                                                                                                0x0040ac83
                                                                                                                                                0x0040ac88
                                                                                                                                                0x0040ac8d
                                                                                                                                                0x0040ac94
                                                                                                                                                0x0040ac9a
                                                                                                                                                0x0040ac9f
                                                                                                                                                0x0040aca4
                                                                                                                                                0x0040aca4
                                                                                                                                                0x0040ac8d
                                                                                                                                                0x0040ac7d
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ac20
                                                                                                                                                0x0040ac25
                                                                                                                                                0x0040ac2f
                                                                                                                                                0x0040ac3d
                                                                                                                                                0x0040ac3d
                                                                                                                                                0x0040ac41
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ac43
                                                                                                                                                0x0040ac43
                                                                                                                                                0x0040ac48
                                                                                                                                                0x0040ac4e
                                                                                                                                                0x0040ac5e
                                                                                                                                                0x0040ac63
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ac63
                                                                                                                                                0x0040ac41
                                                                                                                                                0x0040abd7
                                                                                                                                                0x0040abe3
                                                                                                                                                0x0040abe7
                                                                                                                                                0x00000000
                                                                                                                                                0x0040abe9
                                                                                                                                                0x0040ad6a
                                                                                                                                                0x0040ad71
                                                                                                                                                0x0040ad75
                                                                                                                                                0x0040ad78
                                                                                                                                                0x0040ad7b
                                                                                                                                                0x0040ad84
                                                                                                                                                0x0040ad84
                                                                                                                                                0x0040ad8a
                                                                                                                                                0x00000000
                                                                                                                                                0x0040ad8a
                                                                                                                                                0x0040abe7
                                                                                                                                                0x0040ab54
                                                                                                                                                0x0040ab54
                                                                                                                                                0x0040ab5a
                                                                                                                                                0x0040ab60
                                                                                                                                                0x0040ab70
                                                                                                                                                0x0040ab75
                                                                                                                                                0x0040ad8c
                                                                                                                                                0x0040ad92
                                                                                                                                                0x0040ad92

APIs
• RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040AB70
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: b2fe304eff160e06df94bd44883ba68fc7d934a530b1ddaf75dc7c4c8f16659d
• Instruction ID: 9264473c5b9667787e6bc1496f8e72f41bdf7ef84a87389aa7b139743c16dd27
• Opcode Fuzzy Hash: b2fe304eff160e06df94bd44883ba68fc7d934a530b1ddaf75dc7c4c8f16659d
• Instruction Fuzzy Hash: E9A170B5A003099FDB11DFA8D880BAEB7B5AF48311F14413AE505B73C1DB78E954CB9A
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                			E00403E44(void* __eax, void* __fp0) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				char _v110600;
                                                                                                                                                				char _v112644;
                                                                                                                                                				char _v112645;
                                                                                                                                                				signed int _v112652;
                                                                                                                                                				char _v112653;
                                                                                                                                                				char _v112654;
                                                                                                                                                				char _v112660;
                                                                                                                                                				intOrPtr _v112664;
                                                                                                                                                				intOrPtr _v112668;
                                                                                                                                                				intOrPtr _v112672;
                                                                                                                                                				signed short* _v112676;
                                                                                                                                                				void* _v112680;
                                                                                                                                                				char _v129064;
                                                                                                                                                				char _v131113;
                                                                                                                                                				char _v161832;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* _t74;
                                                                                                                                                				int _t80;
                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                				intOrPtr _t94;
                                                                                                                                                				CHAR* _t98;
                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                				void* _t112;
                                                                                                                                                				intOrPtr _t113;
                                                                                                                                                				intOrPtr _t119;
                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                				void* _t134;
                                                                                                                                                				intOrPtr _t135;
                                                                                                                                                				intOrPtr _t139;
                                                                                                                                                				signed int _t149;
                                                                                                                                                				int _t153;
                                                                                                                                                				intOrPtr _t154;
                                                                                                                                                				char* _t156;
                                                                                                                                                				char* _t157;
                                                                                                                                                				char* _t158;
                                                                                                                                                				char* _t159;
				char* _t160;
				char* _t161;
				char* _t163;
				char* _t164;
				char* _t169;
				char* _t170;
				intOrPtr _t201;
				void* _t203;
				void* _t204;
				intOrPtr* _t207;
				void* _t209;
				void* _t210;
				signed int _t215;
				void* _t218;
				void* _t219;
				void* _t232;

				_push(__eax);
				_t74 = 0x27;
				goto L1;
				L12:
				while(_t201 != 0x45aa58) {
					_t80 = E00403944(_t201, _t153, _t186);
					_t153 = _t80;
					__eflags = _t153;
					if(_t153 == 0) {
						L11:
						_t20 = _t201 + 4; // 0x45aa58
						_t201 =  *_t20;
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						_t215 =  *(_t153 - 4);
						__eflags = _t215 & 0x00000001;
						if((_t215 & 0x00000001) == 0) {
							__eflags = _t215 & 0x00000004;
							if(__eflags == 0) {
								__eflags = _v112652 - 0x1000;
								if(_v112652 < 0x1000) {
									_v112664 = (_t215 & 0xfffffff0) - 4;
									_t149 = E00403C30(_t153);
									__eflags = _t149;
									if(_t149 == 0) {
										_v112645 = 0;
										_t186 = _v112664;
										 *((intOrPtr*)(_t218 + _v112652 * 4 - 0x1f824)) = _v112664;
										_t18 =  &_v112652;
										 *_t18 = _v112652 + 1;
										__eflags =  *_t18;
									}
								}
							} else {
								E00403C88(_t153, __eflags, _t218);
							}
						}
						_t80 = E00403920(_t153);
						_t153 = _t80;
						__eflags = _t153;
					} while (_t153 != 0);
					goto L11;
				}
				_t154 =  *0x45cb00; // 0x45cafc
				while(_t154 != 0x45cafc && _v112652 < 0x1000) {
					_t80 = E00403C30(_t154 + 0x10);
					__eflags = _t80;
					if(_t80 == 0) {
						_v112645 = 0;
						_t22 = _t154 + 0xc; // 0x0
						_t80 = _v112652;
						 *((intOrPtr*)(_t218 + _t80 * 4 - 0x1f824)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
						_t27 =  &_v112652;
						 *_t27 = _v112652 + 1;
						__eflags =  *_t27;
					}
					_t29 = _t154 + 4; // 0x45cafc
					_t154 =  *_t29;
				}
				if(_v112645 != 0) {
					L54:
					return _t80;
				}
				_v112653 = 0;
				_v112668 = 0;
				_t83 =  *0x458050; // 0x4029c8
				_t156 = E00403A10(E00407458(_t83),  &_v161832);
				_v112660 = 0x37;
				_v112676 = 0x458076;
				_v112680 =  &_v110600;
				do {
					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
					_v112654 = 0;
					_t203 = 0xff;
					_t207 = _v112680;
					while(_t156 <=  &_v131113) {
						if( *_t207 > 0) {
							if(_v112653 == 0) {
								_t139 =  *0x458054; // 0x4029f4
								_t156 = E00403A10(E00407458(_t139), _t156);
								_v112653 = 1;
							}
							if(_v112654 != 0) {
								 *_t156 = 0x2c;
								_t161 = _t156 + 1;
								 *_t161 = 0x20;
								_t162 = _t161 + 1;
								__eflags = _t161 + 1;
							} else {
								 *_t156 = 0xd;
								 *((char*)(_t156 + 1)) = 0xa;
								_t169 = E004039C0(_v112668 + 1, _t156 + 2);
								 *_t169 = 0x20;
								_t170 = _t169 + 1;
								 *_t170 = 0x2d;
								 *((char*)(_t170 + 1)) = 0x20;
								_t134 = E004039C0(_v112672, _t170 + 2);
								_t135 =  *0x45805c; // 0x402a5c
								_t162 = E00403A10(E00407458(_t135), _t134);
								_v112654 = 1;
							}
							_t112 = _t203 - 1;
							_t232 = _t112;
							if(_t232 < 0) {
								_t113 =  *0x458060; // 0x402a68
								_t163 = E00403A10(E00407458(_t113), _t162);
							} else {
								if(_t232 == 0) {
									_t119 =  *0x458064; // 0x402a70
									_t163 = E00403A10(E00407458(_t119), _t162);
								} else {
									if(_t112 == 1) {
										_t124 =  *0x458068; // 0x402a7c
										_t163 = E00403A10(E00407458(_t124), _t162);
									} else {
										_t163 = E00403A28( *((intOrPtr*)(_t207 - 4)), _t162);
									}
								}
							}
							 *_t163 = 0x20;
							_t164 = _t163 + 1;
							 *_t164 = 0x78;
							 *((char*)(_t164 + 1)) = 0x20;
							_t156 = E004039C0( *_t207, _t164 + 2);
						}
						_t203 = _t203 - 1;
						_t207 = _t207 - 8;
						if(_t203 != 0xffffffff) {
							continue;
						} else {
							goto L39;
						}
					}
					L39:
					if(_v112654 != 0 ||  *0x45aa56 == 0 || (_v112672 + 0x00000004 & 0x0000000f) == 0) {
						_v112668 = _v112672;
					}
					_v112680 = _v112680 + 0x800;
					_v112676 =  &(_v112676[0x10]);
					_t61 =  &_v112660;
					 *_t61 = _v112660 - 1;
				} while ( *_t61 != 0);
				if(_v112652 <= 0) {
					L53:
					_t94 =  *0x45806c; // 0x402a8c
					E00403A10(E00407458(_t94), _t156);
					_t98 =  *0x458070; // 0x402a90
					_t80 = MessageBoxA(0,  &_v161832, _t98, 0x2010);
					goto L54;
				}
				if(_v112653 != 0) {
					 *_t156 = 0xd;
					_t158 = _t156 + 1;
					 *_t158 = 0xa;
					_t159 = _t158 + 1;
					 *_t159 = 0xd;
					_t160 = _t159 + 1;
					 *_t160 = 0xa;
					_t156 = _t160 + 1;
				}
				_t100 =  *0x458058; // 0x402a1c
				_t156 = E00403A10(E00407458(_t100), _t156);
				_t209 = _v112652 - 1;
				if(_t209 >= 0) {
					_t210 = _t209 + 1;
					_t204 = 0;
					_v112680 =  &_v129064;
					L49:
					L49:
					if(_t204 != 0) {
						 *_t156 = 0x2c;
						_t157 = _t156 + 1;
						 *_t157 = 0x20;
						_t156 = _t157 + 1;
					}
					_t156 = E004039C0( *_v112680, _t156);
					if(_t156 >  &_v131113) {
						goto L53;
					}
					_t204 = _t204 + 1;
					_v112680 = _v112680 + 4;
					_t210 = _t210 - 1;
					if(_t210 != 0) {
						goto L49;
					}
				}
				L1:
				_t219 = _t219 + 0xfffff004;
				_push(_t74);
				_t74 = _t74 - 1;
				if(_t74 != 0) {
					goto L1;
				} else {
					_push(_t153);
                                                                                                                                                					E00404DB4( &_v112644, 0x1b800);
                                                                                                                                                					_t186 = 0x4000;
                                                                                                                                                					E00404DB4( &_v129064, 0x4000);
                                                                                                                                                					_t80 = 0;
                                                                                                                                                					_v112652 = 0;
                                                                                                                                                					_v112645 = 1;
                                                                                                                                                					_t201 =  *0x45aa5c; // 0x45aa58
                                                                                                                                                					goto L12;
                                                                                                                                                				}
                                                                                                                                                			}
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e57
                                                                                                                                                0x00403e60
                                                                                                                                                0x00403e70
                                                                                                                                                0x00403e7d
                                                                                                                                                0x00403e82
                                                                                                                                                0x00403e87
                                                                                                                                                0x00403e89
                                                                                                                                                0x00403e8f
                                                                                                                                                0x00403e96
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e96

APIs
• MessageBoxA.USER32(00000000,?,00402A90,00002010), ref: 00404238
Strings
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: Message
• String ID: $7$\*@$h*@$p*@$|*@
• API String ID: 2030045667-1794093018
• Opcode ID: e8cb8c85448a82b7dec65ed3eafb0fa5cb25d6073847a35959198071718bde22
• Instruction ID: bb3347da14cb2b01ca166337111252545d07054d3d8805d36a910ef66027ae92
• Opcode Fuzzy Hash: e8cb8c85448a82b7dec65ed3eafb0fa5cb25d6073847a35959198071718bde22
• Instruction Fuzzy Hash: 4EB1A470B042548BDB20EB2DC884B997BE8AB49705F0441FAE549FB3C2CF789D85CB59
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 82%
E00406CB0(void* __ecx) {
	long _v4;
	int _t3;
	void* _t9;

	if( *0x45a058 == 0) {
		if( *0x45802e == 0) {
			_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
		}
		return _t3;
	} else {
		if( *0x45a344 == 0xd7b2 &&  *0x45a34c > 0) {
			 *0x45a35c();
		}
		WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
		_t9 = E004077C0(0x406d44);
		return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
	}
}

APIs
• GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CE9
• WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?,?,00406E7E,004045BB,00404602), ref: 00406CEF
• GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69,?,?,?), ref: 00406D0A
• WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00406D69), ref: 00406D10
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00406D2E
Strings
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: FileHandleWrite$Message
• String ID: Error$Runtime error at 00000000
• API String ID: 1570097196-2970929446
• Opcode ID: 8efc43f8e30ec1997838b64e481900a0c1c759a9c8881dde3b45258960399604
• Instruction ID: fe01dd67d756f7db6c6824465d8ae9be5c63675615751d6c8da0d5b36d3669a8
• Opcode Fuzzy Hash: 8efc43f8e30ec1997838b64e481900a0c1c759a9c8881dde3b45258960399604
• Instruction Fuzzy Hash: 11F0C8A064434075F61073A45D4EF2626484B44B1AF10423FB911750D3CAFC9494962F
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 88%
E004035D4(signed int __eax, intOrPtr __edx, void* __edi) {
	signed int __ebx;
	void* __esi;
	signed int _t69;
	signed int _t78;
	signed int _t93;
	long _t94;
	void* _t100;
	signed int _t102;
	signed int _t109;
	signed int _t115;
	signed int _t123;
	signed int _t129;
	void* _t131;
	signed int _t140;
	unsigned int _t148;
	signed int _t150;
	long _t152;
	signed int _t156;
	intOrPtr _t161;
	signed int _t166;
	signed int _t170;
	unsigned int _t171;
	intOrPtr _t174;
	intOrPtr _t193;
	signed int _t196;
	signed int _t197;
	signed int _t198;
	void* _t206;
	unsigned int _t208;
	intOrPtr _t214;
	void* _t226;
	intOrPtr _t228;
	void* _t229;
	signed int _t231;
	void* _t233;
	signed int _t234;
	signed int _t235;
	signed int _t239;
	signed int _t242;
	void* _t244;
	intOrPtr* _t245;

	_t176 = __edx;
	_t66 = __eax;
	_t166 =  *(__eax - 4);
	_t218 = __eax;
	if((_t166 & 0x00000007) != 0) {
		__eflags = _t166 & 0x00000005;
		if((_t166 & 0x00000005) != 0) {
			_pop(_t218);
			_pop(_t145);
			__eflags = _t166 & 0x00000003;
			if((_t166 & 0x00000003) == 0) {
				_push(_t145);
				_push(__eax);
				_push(__edi);
				_push(_t226);
				_t245 = _t244 + 0xffffffe0;
				_t219 = __edx;
				_t203 = __eax;
				_t69 =  *(__eax - 4);
				_t148 = (0xfffffff0 & _t69) - 0x14;
				if(0xfffffff0 >= __edx) {
					__eflags = __edx - _t148 >> 1;
					if(__edx < _t148 >> 1) {
						_t150 = E00403058(__edx);
						__eflags = _t150;
						if(_t150 != 0) {
							__eflags = _t219 - 0x40a2c;
							if(_t219 > 0x40a2c) {
								_t78 = _t203 - 0x10;
								__eflags = _t78;
								 *((intOrPtr*)(_t78 + 8)) = _t219;
							}
							E00402C18(_t203, _t219, _t150);
							E004033DC(_t203, _t203, _t226);
						}
					} else {
                                                                                                                                                									_t150 = __eax;
                                                                                                                                                									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								if(0xfffffff0 <= __edx) {
                                                                                                                                                									_t228 = __edx;
                                                                                                                                                								} else {
                                                                                                                                                									_t228 = 0xbadb9d;
                                                                                                                                                								}
                                                                                                                                                								 *_t245 = _t203 - 0x10 + (_t69 & 0xfffffff0);
                                                                                                                                                								VirtualQuery( *(_t245 + 8), _t245 + 8, 0x1c);
                                                                                                                                                								if( *((intOrPtr*)(_t245 + 0x14)) != 0x10000) {
                                                                                                                                                									L12:
                                                                                                                                                									_t150 = E00403058(_t228);
                                                                                                                                                									__eflags = _t150;
                                                                                                                                                									if(_t150 != 0) {
                                                                                                                                                										__eflags = _t228 - 0x40a2c;
                                                                                                                                                										if(_t228 > 0x40a2c) {
                                                                                                                                                											_t93 = _t150 - 0x10;
                                                                                                                                                											__eflags = _t93;
                                                                                                                                                											 *((intOrPtr*)(_t93 + 8)) = _t219;
                                                                                                                                                										}
                                                                                                                                                										E00402BE8(_t203,  *((intOrPtr*)(_t203 - 0x10 + 8)), _t150);
                                                                                                                                                										E004033DC(_t203, _t203, _t228);
                                                                                                                                                									}
                                                                                                                                                								} else {
                                                                                                                                                									 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0xffff0000;
                                                                                                                                                									_t94 =  *(_t245 + 0x10);
                                                                                                                                                									if(_t219 - _t148 >= _t94) {
                                                                                                                                                										goto L12;
                                                                                                                                                									} else {
                                                                                                                                                										_t152 = _t228 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
                                                                                                                                                										if(_t94 < _t152) {
                                                                                                                                                											_t152 = _t94;
                                                                                                                                                										}
                                                                                                                                                										if(VirtualAlloc( *(_t245 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t245 + 0xc), _t152, 0x1000, 4) == 0) {
                                                                                                                                                											goto L12;
                                                                                                                                                										} else {
                                                                                                                                                											_t100 = _t203 - 0x10;
                                                                                                                                                											 *((intOrPtr*)(_t100 + 8)) = _t219;
                                                                                                                                                											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
                                                                                                                                                											_t150 = _t203;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							return _t150;
                                                                                                                                                						} else {
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t170 = _t166 & 0xfffffff0;
                                                                                                                                                						_push(__edi);
                                                                                                                                                						_t206 = _t170 + __eax;
                                                                                                                                                						_t171 = _t170 - 4;
                                                                                                                                                						_t156 = _t166 & 0x0000000f;
                                                                                                                                                						__eflags = __edx - _t171;
                                                                                                                                                						_push(_t226);
                                                                                                                                                						if(__edx > _t171) {
                                                                                                                                                							_t102 =  *(_t206 - 4);
                                                                                                                                                							__eflags = _t102 & 0x00000001;
                                                                                                                                                							if((_t102 & 0x00000001) == 0) {
                                                                                                                                                								L75:
                                                                                                                                                								asm("adc edi, 0xffffffff");
                                                                                                                                                								_t229 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
                                                                                                                                                								_t208 = _t171;
                                                                                                                                                								_t109 = E00403058(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
                                                                                                                                                								_t193 = _t176;
                                                                                                                                                								__eflags = _t109;
                                                                                                                                                								if(_t109 == 0) {
                                                                                                                                                									goto L73;
                                                                                                                                                								} else {
                                                                                                                                                									__eflags = _t229 - 0x40a2c;
                                                                                                                                                									if(_t229 > 0x40a2c) {
                                                                                                                                                										 *((intOrPtr*)(_t109 - 8)) = _t193;
                                                                                                                                                									}
                                                                                                                                                									_t231 = _t109;
                                                                                                                                                									E00402BE8(_t218, _t208, _t109);
                                                                                                                                                									E004033DC(_t218, _t208, _t231);
                                                                                                                                                									return _t231;
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								_t115 = _t102 & 0xfffffff0;
                                                                                                                                                								_t233 = _t171 + _t115;
                                                                                                                                                								__eflags = __edx - _t233;
                                                                                                                                                								if(__edx > _t233) {
                                                                                                                                                									goto L75;
                                                                                                                                                								} else {
                                                                                                                                                									__eflags =  *0x45a059;
                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                										L66:
                                                                                                                                                										__eflags = _t115 - 0xb30;
                                                                                                                                                										if(_t115 >= 0xb30) {
                                                                                                                                                											E00402C34(_t206);
                                                                                                                                                											_t176 = _t176;
                                                                                                                                                											_t171 = _t171;
                                                                                                                                                										}
                                                                                                                                                										asm("adc edi, 0xffffffff");
                                                                                                                                                										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                                                										_t196 = _t233 + 4 - _t123;
                                                                                                                                                										__eflags = _t196;
                                                                                                                                                										if(_t196 > 0) {
                                                                                                                                                											 *(_t218 + _t233 - 4) = _t196;
                                                                                                                                                											 *((intOrPtr*)(_t218 - 4 + _t123)) = _t196 + 3;
                                                                                                                                                											_t234 = _t123;
                                                                                                                                                											__eflags = _t196 - 0xb30;
                                                                                                                                                											if(_t196 >= 0xb30) {
                                                                                                                                                												__eflags = _t123 + _t218;
                                                                                                                                                												E00402C74(_t123 + _t218, _t171, _t196);
                                                                                                                                                											}
                                                                                                                                                										} else {
                                                                                                                                                											 *(_t218 + _t233) =  *(_t218 + _t233) & 0xfffffff7;
                                                                                                                                                											_t234 = _t233 + 4;
                                                                                                                                                										}
                                                                                                                                                										_t235 = _t234 | _t156;
                                                                                                                                                										__eflags = _t235;
                                                                                                                                                										 *(_t218 - 4) = _t235;
                                                                                                                                                										 *0x45aa68 = 0;
                                                                                                                                                										_t109 = _t218;
                                                                                                                                                										L73:
                                                                                                                                                										return _t109;
                                                                                                                                                									} else {
                                                                                                                                                										while(1) {
                                                                                                                                                											asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                												break;
                                                                                                                                                											}
                                                                                                                                                											asm("pause");
                                                                                                                                                											__eflags =  *0x45a909;
                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                												continue;
                                                                                                                                                											} else {
                                                                                                                                                												Sleep(0);
                                                                                                                                                												_t176 = _t176;
                                                                                                                                                												_t171 = _t171;
                                                                                                                                                												asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                												if(__eflags != 0) {
                                                                                                                                                													Sleep(0xa);
                                                                                                                                                													_t176 = _t176;
                                                                                                                                                													_t171 = _t171;
                                                                                                                                                													continue;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											break;
                                                                                                                                                										}
                                                                                                                                                										_t156 = 0x0000000f &  *(_t218 - 4);
                                                                                                                                                										_t129 =  *(_t206 - 4);
                                                                                                                                                										__eflags = _t129 & 0x00000001;
                                                                                                                                                										if((_t129 & 0x00000001) == 0) {
                                                                                                                                                											L74:
                                                                                                                                                											 *0x45aa68 = 0;
                                                                                                                                                											goto L75;
                                                                                                                                                										} else {
                                                                                                                                                											_t115 = _t129 & 0xfffffff0;
                                                                                                                                                											_t233 = _t171 + _t115;
                                                                                                                                                											__eflags = _t176 - _t233;
                                                                                                                                                											if(_t176 > _t233) {
                                                                                                                                                												goto L74;
                                                                                                                                                											} else {
                                                                                                                                                												goto L66;
                                                                                                                                                											}
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							__eflags = __edx + __edx - _t171;
                                                                                                                                                							if(__edx + __edx < _t171) {
                                                                                                                                                								__eflags = __edx - 0xb2c;
                                                                                                                                                								if(__edx >= 0xb2c) {
                                                                                                                                                									L41:
                                                                                                                                                									_t239 = (_t176 + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                                                									_t174 = _t171 + 4 - _t239;
                                                                                                                                                									__eflags =  *0x45a059;
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										while(1) {
                                                                                                                                                											asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                												break;
                                                                                                                                                											}
                                                                                                                                                											asm("pause");
                                                                                                                                                											__eflags =  *0x45a909;
                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                												continue;
                                                                                                                                                											} else {
                                                                                                                                                												Sleep(0);
                                                                                                                                                												_t174 = _t174;
                                                                                                                                                												asm("lock cmpxchg [0x45aa68], ah");
                                                                                                                                                												if(__eflags != 0) {
                                                                                                                                                													Sleep(0xa);
                                                                                                                                                													_t174 = _t174;
                                                                                                                                                													continue;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											break;
                                                                                                                                                										}
                                                                                                                                                										_t156 = 0x0000000f &  *(_t218 - 4);
                                                                                                                                                										__eflags = 0xf;
                                                                                                                                                									}
                                                                                                                                                									 *(_t218 - 4) = _t156 | _t239;
                                                                                                                                                									_t161 = _t174;
                                                                                                                                                									_t197 =  *(_t206 - 4);
                                                                                                                                                									__eflags = _t197 & 0x00000001;
                                                                                                                                                									if((_t197 & 0x00000001) != 0) {
                                                                                                                                                										_t131 = _t206;
                                                                                                                                                										_t198 = _t197 & 0xfffffff0;
                                                                                                                                                										_t161 = _t161 + _t198;
                                                                                                                                                										_t206 = _t206 + _t198;
                                                                                                                                                										__eflags = _t198 - 0xb30;
                                                                                                                                                										if(_t198 >= 0xb30) {
                                                                                                                                                											E00402C34(_t131);
                                                                                                                                                										}
                                                                                                                                                									} else {
                                                                                                                                                										 *(_t206 - 4) = _t197 | 0x00000008;
                                                                                                                                                									}
                                                                                                                                                									 *((intOrPtr*)(_t206 - 8)) = _t161;
                                                                                                                                                									 *((intOrPtr*)(_t218 + _t239 - 4)) = _t161 + 3;
                                                                                                                                                									__eflags = _t161 - 0xb30;
                                                                                                                                                									if(_t161 >= 0xb30) {
                                                                                                                                                										E00402C74(_t218 + _t239, _t174, _t161);
                                                                                                                                                									}
                                                                                                                                                									 *0x45aa68 = 0;
                                                                                                                                                									return _t218;
                                                                                                                                                								} else {
                                                                                                                                                									__eflags = __edx - 0x2cc;
                                                                                                                                                									if(__edx < 0x2cc) {
                                                                                                                                                										_t214 = __edx;
                                                                                                                                                										_t140 = E00403058(__edx);
                                                                                                                                                										__eflags = _t140;
                                                                                                                                                										if(_t140 != 0) {
                                                                                                                                                											_t242 = _t140;
                                                                                                                                                											E00402C18(_t218, _t214, _t140);
                                                                                                                                                											E004033DC(_t218, _t214, _t242);
                                                                                                                                                											_t140 = _t242;
                                                                                                                                                										}
                                                                                                                                                										return _t140;
                                                                                                                                                									} else {
                                                                                                                                                										_t176 = 0xb2c;
                                                                                                                                                										__eflags = _t171 - 0xb2c;
                                                                                                                                                										if(_t171 <= 0xb2c) {
                                                                                                                                                											goto L37;
                                                                                                                                                										} else {
                                                                                                                                                											goto L41;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								L37:
                                                                                                                                                								return _t66;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					__ebx =  *__ecx;
                                                                                                                                                					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                                                					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                					__eflags = __ecx - __edx;
                                                                                                                                                					if(__ecx < __edx) {
                                                                                                                                                						__ecx = __ecx + __ecx + 0x20;
                                                                                                                                                						_push(__edi);
                                                                                                                                                						__edi = __edx;
                                                                                                                                                						__eax = 0;
                                                                                                                                                						__ecx = __ecx - __edx;
                                                                                                                                                						asm("adc eax, 0xffffffff");
                                                                                                                                                						__eax = 0 & __ecx;
                                                                                                                                                						__eax = (0 & __ecx) + __edx;
                                                                                                                                                						__eax = E00403058((0 & __ecx) + __edx);
                                                                                                                                                						__eflags = __eax;
                                                                                                                                                						if(__eax != 0) {
                                                                                                                                                							__eflags = __edi - 0x40a2c;
                                                                                                                                                							if(__edi > 0x40a2c) {
                                                                                                                                                								 *(__eax - 8) = __edi;
                                                                                                                                                							}
                                                                                                                                                							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                                                							__edx = __eax;
                                                                                                                                                							__edi = __eax;
                                                                                                                                                							 *((intOrPtr*)(__ebx + 0x1c))() = E004033DC(__esi, __edi, __ebp);
                                                                                                                                                							__eax = __edi;
                                                                                                                                                						}
                                                                                                                                                						_pop(__edi);
                                                                                                                                                						_pop(__esi);
                                                                                                                                                						_pop(__ebx);
                                                                                                                                                						return __eax;
                                                                                                                                                					} else {
                                                                                                                                                						__ebx = 0x40 + __edx * 4;
                                                                                                                                                						__eflags = 0x40 + __edx * 4 - __ecx;
                                                                                                                                                						if(0x40 + __edx * 4 < __ecx) {
                                                                                                                                                							__ebx = __edx;
                                                                                                                                                							__eax = __edx;
                                                                                                                                                							__eax = E00403058(__edx);
                                                                                                                                                							__eflags = __eax;
                                                                                                                                                							if(__eax != 0) {
                                                                                                                                                								__ecx = __ebx;
                                                                                                                                                								__edx = __eax;
                                                                                                                                                								__ebx = __eax;
                                                                                                                                                								__esi = E004033DC(__esi, __edi, __ebp);
                                                                                                                                                								__eax = __ebx;
                                                                                                                                                							}
                                                                                                                                                							_pop(__esi);
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return __eax;
                                                                                                                                                						} else {
                                                                                                                                                							_pop(__esi);
                                                                                                                                                							_pop(__ebx);
                                                                                                                                                							return __eax;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}
                                                                                                                                                0x004035d4
                                                                                                                                                0x004035d4
                                                                                                                                                0x004035d4
                                                                                                                                                0x004035dc
                                                                                                                                                0x004035de
                                                                                                                                                0x0040366c
                                                                                                                                                0x0040366f
                                                                                                                                                0x004038dc
                                                                                                                                                0x004038dd
                                                                                                                                                0x004038de
                                                                                                                                                0x004038e1
                                                                                                                                                0x00402f08
                                                                                                                                                0x00402f09
                                                                                                                                                0x00402f0a
                                                                                                                                                0x00402f0b
                                                                                                                                                0x00402f0c
                                                                                                                                                0x00402f0f
                                                                                                                                                0x00402f11
                                                                                                                                                0x00402f18
                                                                                                                                                0x00402f21
                                                                                                                                                0x00402f26
                                                                                                                                                0x0040300f
                                                                                                                                                0x00403011
                                                                                                                                                0x00403024
                                                                                                                                                0x00403026
                                                                                                                                                0x00403028
                                                                                                                                                0x0040302a
                                                                                                                                                0x00403030
                                                                                                                                                0x00403034
                                                                                                                                                0x00403034
                                                                                                                                                0x00403037
                                                                                                                                                0x00403037
                                                                                                                                                0x00403040
                                                                                                                                                0x00403047
                                                                                                                                                0x00403047
                                                                                                                                                0x00403013
                                                                                                                                                0x00403013
                                                                                                                                                0x00403018
                                                                                                                                                0x00403018
                                                                                                                                                0x00402f2c
                                                                                                                                                0x00402f35
                                                                                                                                                0x00402f3b
                                                                                                                                                0x004036b5
                                                                                                                                                0x004036b7
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004036b7
                                                                                                                                                0x004036aa
                                                                                                                                                0x00403694
                                                                                                                                                0x00403694
                                                                                                                                                0x00403698
                                                                                                                                                0x00403698
                                                                                                                                                0x00403692
                                                                                                                                                0x00403687
                                                                                                                                                0x004035e4
                                                                                                                                                0x004035e4
                                                                                                                                                0x004035e6
                                                                                                                                                0x004035ea
                                                                                                                                                0x004035ed
                                                                                                                                                0x004035ef
                                                                                                                                                0x00403628
                                                                                                                                                0x0040362c
                                                                                                                                                0x0040362d
                                                                                                                                                0x0040362f
                                                                                                                                                0x00403631
                                                                                                                                                0x00403633
                                                                                                                                                0x00403636
                                                                                                                                                0x00403638
                                                                                                                                                0x0040363a
                                                                                                                                                0x0040363f
                                                                                                                                                0x00403641
                                                                                                                                                0x00403643
                                                                                                                                                0x00403649
                                                                                                                                                0x0040364b
                                                                                                                                                0x0040364b
                                                                                                                                                0x00403652
                                                                                                                                                0x00403652
                                                                                                                                                0x00403655
                                                                                                                                                0x00403657
                                                                                                                                                0x00403660
                                                                                                                                                0x00403665
                                                                                                                                                0x00403665
                                                                                                                                                0x00403667
                                                                                                                                                0x00403668
                                                                                                                                                0x00403669
                                                                                                                                                0x0040366a
                                                                                                                                                0x004035f1
                                                                                                                                                0x004035f1
                                                                                                                                                0x004035f8
                                                                                                                                                0x004035fa
                                                                                                                                                0x00403600
                                                                                                                                                0x00403602
                                                                                                                                                0x00403604
                                                                                                                                                0x00403609
                                                                                                                                                0x0040360b
                                                                                                                                                0x0040360d
                                                                                                                                                0x0040360f
                                                                                                                                                0x00403611
                                                                                                                                                0x0040361c
                                                                                                                                                0x00403621
                                                                                                                                                0x00403621
                                                                                                                                                0x00403623
                                                                                                                                                0x00403624
                                                                                                                                                0x00403625
                                                                                                                                                0x004035fc
                                                                                                                                                0x004035fc
                                                                                                                                                0x004035fd
                                                                                                                                                0x004035fe
                                                                                                                                                0x004035fe
                                                                                                                                                0x004035fa
                                                                                                                                                0x004035ef

Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 71f64e1bdb7b35fec48c8f819c790700a65832aa6539ed00bc52fdfc18aab675
• Instruction ID: e4c14585aa1b4b2d2bba146c775b8547e7d2cba4f623262dc4b88ac30ef64495
• Opcode Fuzzy Hash: 71f64e1bdb7b35fec48c8f819c790700a65832aa6539ed00bc52fdfc18aab675
• Instruction Fuzzy Hash: B3B129A27002040BE714AE7D9D8976EBB899BC5326F18827FF104EB3D5DA7CDE458358
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405EF8(signed char* __eax, void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                				void* _t49;
                                                                                                                                                				long _t52;
                                                                                                                                                				signed char _t53;
                                                                                                                                                				signed char _t54;
                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                				signed char _t56;
                                                                                                                                                				signed char _t57;
                                                                                                                                                				void* _t73;
                                                                                                                                                				signed char* _t74;
                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                				signed char* _t76;
                                                                                                                                                
                                                                                                                                                				_t73 = __edx;
                                                                                                                                                				_t74 = __eax;
                                                                                                                                                				_t75 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                                                				while(1) {
                                                                                                                                                					L1:
                                                                                                                                                					 *_t76 = E004061A8(_t74);
                                                                                                                                                					if( *_t76 != 0 || _t73 == 0) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					_t76[1] = 0;
                                                                                                                                                					if(_t75 <= 0) {
                                                                                                                                                						while(1) {
                                                                                                                                                							L17:
                                                                                                                                                							_t53 =  *_t74;
                                                                                                                                                							if(_t53 == 0) {
                                                                                                                                                								goto L1;
                                                                                                                                                							}
                                                                                                                                                							if(_t53 != E00402728(_t74, _t53)) {
                                                                                                                                                								continue;
                                                                                                                                                							} else {
                                                                                                                                                								goto L19;
                                                                                                                                                							}
                                                                                                                                                							do {
                                                                                                                                                								L19:
                                                                                                                                                								_t76[4] = GetTickCount();
                                                                                                                                                								E004060F4(_t74);
                                                                                                                                                								_t55 =  *0x45a8f8; // 0x459604
                                                                                                                                                								 *((intOrPtr*)(_t55 + 0x10))();
                                                                                                                                                								 *_t76 = 0 == 0;
                                                                                                                                                								if(_t73 != 0xffffffff) {
                                                                                                                                                									_t76[8] = GetTickCount();
                                                                                                                                                									if(_t73 <= _t76[8] - _t76[4]) {
                                                                                                                                                										_t73 = 0;
                                                                                                                                                									} else {
                                                                                                                                                										_t73 = _t73 - _t76[8] - _t76[4];
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								if( *_t76 == 0) {
                                                                                                                                                									do {
                                                                                                                                                										_t56 =  *_t74;
                                                                                                                                                									} while (_t56 != E00402728(_t74, _t56));
                                                                                                                                                									_t76[1] = 1;
                                                                                                                                                								} else {
                                                                                                                                                									while(1) {
                                                                                                                                                										_t57 =  *_t74;
                                                                                                                                                										if((_t57 & 0x00000001) != 0) {
                                                                                                                                                											goto L29;
                                                                                                                                                										}
                                                                                                                                                										if(_t57 != E00402728(_t74, _t57)) {
                                                                                                                                                											continue;
                                                                                                                                                										}
                                                                                                                                                										_t76[1] = 1;
                                                                                                                                                										goto L29;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								L29:
                                                                                                                                                							} while (_t76[1] == 0);
                                                                                                                                                							if( *_t76 != 0) {
                                                                                                                                                								_t74[8] = GetCurrentThreadId();
                                                                                                                                                								_t74[4] = 1;
                                                                                                                                                							}
                                                                                                                                                							goto L32;
                                                                                                                                                						}
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					_t76[4] = GetTickCount();
                                                                                                                                                					if(_t75 <= 0) {
                                                                                                                                                						L13:
                                                                                                                                                						if(_t73 == 0xffffffff) {
                                                                                                                                                							goto L17;
                                                                                                                                                						}
                                                                                                                                                						_t76[8] = GetTickCount();
                                                                                                                                                						_t49 = _t76[8] - _t76[4];
                                                                                                                                                						if(_t73 > _t49) {
                                                                                                                                                							_t73 = _t73 - _t49;
                                                                                                                                                							goto L17;
                                                                                                                                                						}
                                                                                                                                                						 *_t76 = 0;
                                                                                                                                                						break;
                                                                                                                                                					} else {
                                                                                                                                                						goto L5;
                                                                                                                                                					}
                                                                                                                                                					do {
                                                                                                                                                						L5:
                                                                                                                                                						if(_t73 == 0xffffffff) {
                                                                                                                                                							L8:
                                                                                                                                                							_t54 =  *_t74;
                                                                                                                                                							if(_t54 > 1) {
                                                                                                                                                								goto L13;
                                                                                                                                                							}
                                                                                                                                                							if(_t54 != 0 || E00402728(_t74, 0) != 0) {
                                                                                                                                                								goto L12;
                                                                                                                                                							} else {
                                                                                                                                                								_t74[8] = GetCurrentThreadId();
                                                                                                                                                								_t74[4] = 1;
                                                                                                                                                								 *_t76 = 1;
                                                                                                                                                								goto L32;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_t52 = GetTickCount();
                                                                                                                                                						_t46 = _t52 - _t76[4];
                                                                                                                                                						if(_t73 > _t52 - _t76[4]) {
                                                                                                                                                							goto L8;
                                                                                                                                                						} else {
                                                                                                                                                							 *_t76 = 0;
                                                                                                                                                							goto L32;
                                                                                                                                                						}
                                                                                                                                                						L12:
                                                                                                                                                						_t46 = E004061EC(_t46);
                                                                                                                                                						_t75 = _t75 - 1;
                                                                                                                                                					} while (_t75 > 0);
                                                                                                                                                					goto L13;
                                                                                                                                                				}
                                                                                                                                                				L32:
                                                                                                                                                				return  *_t76 & 0x000000ff;
                                                                                                                                                			}

                                                                                                                                                 Instruction address gutter for the decompiled function above (one address per decompiled line, detached from the code by extraction): 0x00405eff .. 0x0040608f

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004061A8: GetCurrentThreadId.KERNEL32 ref: 004061AB
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405F2F
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405F41
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00405F74
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405F9B
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405FD5
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405FFF
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00406075
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountTick$CurrentThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3968769311-0
                                                                                                                                                • Opcode ID: a3fd0ef106ea169b9eff3737405d017d7e5f6036ff05cd25cbde7a97f5fef50f
                                                                                                                                                • Instruction ID: 320e11e1895484dd97853e33e3acf9542b869253ecd946187445273afc1e67d8
                                                                                                                                                • Opcode Fuzzy Hash: a3fd0ef106ea169b9eff3737405d017d7e5f6036ff05cd25cbde7a97f5fef50f
                                                                                                                                                • Instruction Fuzzy Hash: CB4181316087429ED720EB79C58432F7AD19B80354F16853FE8D9A73C2DABDC895871A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
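Editor's note on the function above (added here; not part of the Joe Sandbox output and not code recovered from the sample). The decompile shows a timed spin-acquire: a GetTickCount() snapshot is taken on entry, 0xffffffff is treated as an infinite timeout, a counter (_t75) bounds the number of spins, each spin reads the lock word (*_t74), skips straight to the post-spin check when it is greater than 1, otherwise calls E00402728(_t74, 0) and treats a non-zero return as "not acquired", and on success stores GetCurrentThreadId() into _t74[8] with _t74[4] = 1. After the spins, the remaining time is computed as timeout minus elapsed before branching to L17, which is not on the page. The GetTickCount/GetCurrentThreadId pairing that drives the Similarity API ID is therefore the profile of a runtime lock primitive, not of timing-based anti-analysis, and should not be weighed as a signal on its own. The C below restates exactly that control flow so it can be read and run offline. The struct field names, the reading of E00402728 as an interlocked compare-exchange that returns the previous value, the reading of E004061EC as a yield, and the constructed 32-bit tick clock that replaces GetTickCount() are this editor's assumptions; the blocking path L17 is not modelled, only the remaining timeout it would receive is returned.

```c
#include <stdint.h>

#define WAIT_INFINITE 0xffffffffu   /* the 0xffffffff sentinel compared against _t73 in the decompile */

typedef enum { SPIN_ACQUIRED, SPIN_TIMED_OUT, SPIN_EXHAUSTED } spin_result;

/* Assumed layout of the object behind _t74 (editor's names, not recovered symbols). */
typedef struct {
    uint32_t lock_count;   /* *_t74: 0 = free, 1 = owned, >1 = owned with waiters */
    uint32_t recursion;    /* _t74[4] */
    uint32_t owner_tid;    /* _t74[8] */
} monitor;

/* Constructed clock standing in for GetTickCount(): a 32-bit millisecond counter that wraps. */
static uint32_t g_ticks;
void clock_set(uint32_t t) { g_ticks = t; }
uint32_t clock_now(void) { return g_ticks; }

/* Stand-in for the unresolved E004061EC, read here as a yield/sleep. Each call advances the
 * constructed clock by one millisecond so the loop makes progress without a real scheduler. */
static void spin_yield(void) { g_ticks += 1; }

/* Stand-in for the unresolved E00402728(lock, 0), read here as an interlocked compare-exchange
 * that returns the previous value: 0 means the 0 -> 1 transition succeeded, anything else means
 * the lock was already taken (matching the decompile's "!= 0 -> goto L12" test). Single-threaded
 * here, so a plain read-modify-write is sufficient. */
static uint32_t try_lock(monitor *m) {
    uint32_t prev = m->lock_count;
    if (prev == 0) m->lock_count = 1;
    return prev;
}

/* Timed spin phase of a lock acquisition. On SPIN_EXHAUSTED, *remaining_ms holds the budget the
 * decompile hands to its blocking path (L17); on the other results it is 0. */
spin_result spin_try_enter(monitor *m, uint32_t timeout_ms, int spin_count,
                           uint32_t tid, uint32_t *remaining_ms)
{
    uint32_t start = clock_now();                 /* _t76[4] = GetTickCount() */
    uint32_t elapsed;
    *remaining_ms = 0;

    while (spin_count > 0) {                      /* the do/while over _t75 */
        if (timeout_ms != WAIT_INFINITE) {
            elapsed = clock_now() - start;        /* unsigned: correct across a 2^32 tick wrap */
            if (elapsed >= timeout_ms)
                return SPIN_TIMED_OUT;            /* *_t76 = 0 */
        }
        uint32_t state = m->lock_count;           /* _t54 = *_t74 */
        if (state > 1)
            break;                                /* contended with waiters: stop spinning (goto L13) */
        if (state == 0 && try_lock(m) == 0) {
            m->owner_tid = tid;                   /* _t74[8] = GetCurrentThreadId() */
            m->recursion = 1;                     /* _t74[4] = 1 */
            return SPIN_ACQUIRED;                 /* *_t76 = 1 */
        }
        spin_yield();                             /* L12: E004061EC */
        spin_count--;                             /* _t75 = _t75 - 1 */
    }

    /* L13: spins used up without ownership; work out what is left for the blocking wait. */
    if (timeout_ms == WAIT_INFINITE) {
        *remaining_ms = WAIT_INFINITE;
        return SPIN_EXHAUSTED;
    }
    elapsed = clock_now() - start;                /* _t76[8] - _t76[4] */
    if (timeout_ms > elapsed) {
        *remaining_ms = timeout_ms - elapsed;     /* _t73 = _t73 - _t49 */
        return SPIN_EXHAUSTED;
    }
    return SPIN_TIMED_OUT;                        /* *_t76 = 0 */
}
```

The unsigned subtraction on the two tick snapshots is the detail worth noting when reading the decompile: because the difference is taken modulo 2^32 and only then compared with the timeout, the loop behaves correctly even when GetTickCount() wraps during the wait, which the last scenario in the test exercises.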

                                                                                                                                                C-Code - Quality: 36%
E00405D34(void* __edx) {
	intOrPtr _v8;
	char _v12;
	char* _t20;
	intOrPtr _t26;
	signed int _t32;
	intOrPtr _t40;
	void* _t42;
	void* _t44;
	intOrPtr _t45;

	_t42 = _t44;
	_t45 = _t44 + 0xfffffff8;
	_v12 = 0;
	if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
		L10:
		_t32 = 0x40;
		goto L11;
	} else {
		_t20 =  &_v12;
		_push(_t20);
		_push(0);
		L00402934();
		if(_t20 != 0 || GetLastError() != 0x7a) {
			goto L10;
		} else {
			_v8 = E004044CC(_v12);
			_push(_t42);
			_push(E00405DE0);
			_push( *[fs:edx]);
			 *[fs:edx] = _t45;
			_push( &_v12);
			_push(_v8);
			L00402934();
			_t26 = _v8;
			if(_v12 <= 0) {
				L8:
				_pop(_t40);
				 *[fs:eax] = _t40;
				_push(0x405de7);
				return E004044E8(_v8);
			} else {
				while( *((short*)(_t26 + 4)) != 2 ||  *((char*)(_t26 + 8)) != 1) {
					_t26 = _t26 + 0x18;
					_v12 = _v12 - 0x18;
					if(_v12 > 0) {
						continue;
					} else {
						goto L8;
					}
					goto L12;
				}
				_t32 =  *(_t26 + 0xa) & 0x0000ffff;
				E00406840();
				L11:
				return _t32;
			}
		}
	}
	L12:
}

Instruction addresses (per decompiled line, in order): 0x00405d35 0x00405d37 0x00405d3d 0x00405d57 0x00405de7 0x00405de7 0x00000000 0x00405d5d 0x00405d5d 0x00405d60 0x00405d61 0x00405d63 0x00405d6a 0x00000000 0x00405d76 0x00405d7e 0x00405d83 0x00405d84 0x00405d89 0x00405d8c 0x00405d92 0x00405d96 0x00405d97 0x00405d9c 0x00405da3 0x00405dca 0x00405dcc 0x00405dcf 0x00405dd2 0x00405ddf 0x00405da5 0x00405da5 0x00405dbd 0x00405dc0 0x00405dc8 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00405dc8 0x00405db2 0x00405db6 0x00405dec 0x00405df2 0x00405df2 0x00405da3 0x00405d6a 0x00000000

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00405D4A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00405D50
• GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 00405D6C
Strings
Memory Dump Source
• Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
• Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
• Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_detection.jbxd
Yara matches
Similarity
• API ID: AddressErrorHandleLastModuleProc
• String ID: GetLogicalProcessorInformation$kernel32.dll
• API String ID: 4275029093-812649623
• Opcode ID: 863bfcf51d35678c1c5c5690424457cf11f5a1c675e92d83d0228cc1c1c2ec53
• Instruction ID: 98032b134372ad5d4df392febb5cee6dd9eab7165ad31d4e0d4e7c156c70a6a6
• Opcode Fuzzy Hash: 863bfcf51d35678c1c5c5690424457cf11f5a1c675e92d83d0228cc1c1c2ec53
• Instruction Fuzzy Hash: 08118471904644AEEF50FBA1C94AB9FB7A9EF40314F21807BE404B66C1D67C9A80CA1D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
                                                                                                                                                			E004094A8(signed short __eax, void* __edx) {
                                                                                                                                                				char _v8;
                                                                                                                                                				char _v12;
                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                				signed int _v20;
                                                                                                                                                				short _v22;
                                                                                                                                                				short _v24;
                                                                                                                                                				char _v26;
                                                                                                                                                				char _v32;
                                                                                                                                                				void* __ebp;
                                                                                                                                                				void* _t39;
                                                                                                                                                				void* _t55;
                                                                                                                                                				void* _t59;
                                                                                                                                                				short* _t62;
                                                                                                                                                				signed short _t66;
                                                                                                                                                				void* _t67;
                                                                                                                                                				void* _t68;
                                                                                                                                                				signed short _t79;
                                                                                                                                                				void* _t81;
                                                                                                                                                
                                                                                                                                                				_t81 = __edx;
                                                                                                                                                				_t66 = __eax;
                                                                                                                                                				_v16 = 0;
                                                                                                                                                				if(__eax !=  *0x45cb80()) {
                                                                                                                                                					_v16 = E00409464( &_v8);
                                                                                                                                                					_t79 = _t66;
                                                                                                                                                					_v20 = 3;
                                                                                                                                                					_t62 =  &_v26;
                                                                                                                                                					do {
                                                                                                                                                						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                                                                                                                						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                                                                                                                						_v20 = _v20 - 1;
                                                                                                                                                						_t62 = _t62 - 2;
                                                                                                                                                					} while (_v20 != 0xffffffff);
                                                                                                                                                					_v24 = 0;
                                                                                                                                                					_v22 = 0;
                                                                                                                                                					 *0x45cb7c(4,  &_v32,  &_v20);
                                                                                                                                                				}
                                                                                                                                                				_t39 = E00409464( &_v12);
                                                                                                                                                				_t67 = _t39;
                                                                                                                                                				if(_t67 != 0) {
                                                                                                                                                					_t55 = _v12 - 2;
                                                                                                                                                					if(_t55 >= 0) {
                                                                                                                                                						_t59 = _t55 + 1;
                                                                                                                                                						_v20 = 0;
                                                                                                                                                						do {
                                                                                                                                                							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                                                                                                                								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                                                                                                                							}
                                                                                                                                                							_v20 = _v20 + 1;
                                                                                                                                                							_t59 = _t59 - 1;
                                                                                                                                                						} while (_t59 != 0);
                                                                                                                                                					}
                                                                                                                                                					E00407C00(_t81, _t67);
                                                                                                                                                					_t39 = E004044E8(_t67);
                                                                                                                                                				}
                                                                                                                                                				if(_v16 != 0) {
                                                                                                                                                					 *0x45cb7c(0, 0,  &_v20);
                                                                                                                                                					_t68 = E00409464( &_v12);
                                                                                                                                                					if(_v8 != _v12 || E00409440(_v16, _v12, _t68) != 0) {
                                                                                                                                                						 *0x45cb7c(8, _v16,  &_v20);
                                                                                                                                                					}
                                                                                                                                                					E004044E8(_t68);
                                                                                                                                                					return E004044E8(_v16);
                                                                                                                                                				}
                                                                                                                                                				return _t39;
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • GetThreadUILanguage.KERNEL32(?,00000000), ref: 004094B9
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 00409517
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 00409574
                                                                                                                                                • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 004095A7
                                                                                                                                                  • Part of subcall function 00409464: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,00409525), ref: 0040947B
                                                                                                                                                  • Part of subcall function 00409464: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,00409525), ref: 00409498
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2255706666-0
                                                                                                                                                • Opcode ID: 6e253d593cab2408df00f34a80740f2092f01fe665a3f9e6f890c95ae601fce8
                                                                                                                                                • Instruction ID: 45a3101d14276a2a49cfc5000a3c3cf8a7f72fed558edd49c2bc7541cdcef5fc
                                                                                                                                                • Opcode Fuzzy Hash: 6e253d593cab2408df00f34a80740f2092f01fe665a3f9e6f890c95ae601fce8
                                                                                                                                                • Instruction Fuzzy Hash: E2313071A0021AABDF10EFAADC856AEB3B8EF04304F40417AE515E72D2D7789E05CB55
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                			E0040641E(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                				struct _EXCEPTION_RECORD* _t31;
                                                                                                                                                				long _t34;
                                                                                                                                                				long _t35;
                                                                                                                                                				struct _EXCEPTION_RECORD* _t36;
                                                                                                                                                				intOrPtr* _t38;
                                                                                                                                                				long _t42;
                                                                                                                                                				long _t44;
                                                                                                                                                				long _t45;
                                                                                                                                                				void* _t46;
                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                				void* _t51;
                                                                                                                                                				long _t52;
                                                                                                                                                				void* _t55;
                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                				long* _t58;
                                                                                                                                                				long _t64;
                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                				void* _t70;
                                                                                                                                                				long _t72;
                                                                                                                                                				long _t73;
                                                                                                                                                				void* _t75;
                                                                                                                                                				long* _t76;
                                                                                                                                                				void* _t78;
                                                                                                                                                				long _t79;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                
                                                                                                                                                				_t78 = __ebp;
                                                                                                                                                				_t75 = __esi;
                                                                                                                                                				_t70 = __edi;
                                                                                                                                                				_t51 = __ebx;
                                                                                                                                                				_t31 = _a4.ExceptionRecord;
                                                                                                                                                				if((_t31->ExceptionFlags & 0x00000006) == 0) {
                                                                                                                                                					if(_t31->ExceptionCode == 0xeedfade) {
                                                                                                                                                						_t34 =  *(_t31->ExceptionInformation[1]);
                                                                                                                                                						goto L6;
                                                                                                                                                					} else {
                                                                                                                                                						asm("cld");
                                                                                                                                                						E004055E8(_t31);
                                                                                                                                                						_t69 =  *0x45a010; // 0x0
                                                                                                                                                						if(_t69 != 0) {
                                                                                                                                                							_t34 =  *_t69();
                                                                                                                                                							if(_t34 != 0) {
                                                                                                                                                								L6:
                                                                                                                                                								_push(_t51);
                                                                                                                                                								_push(_t75);
                                                                                                                                                								_push(_t70);
                                                                                                                                                								_push(_t78);
                                                                                                                                                								_t57 =  *((intOrPtr*)(_a8 + 4));
                                                                                                                                                								_t52 =  *(_t57 + 5);
                                                                                                                                                								_t9 = _t57 + 9; // 0xf
                                                                                                                                                								_t76 = _t9;
                                                                                                                                                								_t79 = _t34;
                                                                                                                                                								while(1) {
                                                                                                                                                									L7:
                                                                                                                                                									_t35 =  *_t76;
                                                                                                                                                									__eflags = _t35;
                                                                                                                                                									if(_t35 == 0) {
                                                                                                                                                										break;
                                                                                                                                                									}
                                                                                                                                                									_t72 = _t79;
                                                                                                                                                									while(1) {
                                                                                                                                                										_t46 =  *_t35;
                                                                                                                                                										__eflags = _t46 - _t72;
                                                                                                                                                										if(_t46 == _t72) {
                                                                                                                                                											goto L17;
                                                                                                                                                										}
                                                                                                                                                										__eflags =  *((intOrPtr*)(_t46 - 0x34)) -  *((intOrPtr*)(_t72 - 0x34));
                                                                                                                                                										if( *((intOrPtr*)(_t46 - 0x34)) !=  *((intOrPtr*)(_t72 - 0x34))) {
                                                                                                                                                											L14:
                                                                                                                                                											_t73 =  *(_t72 - 0x30);
                                                                                                                                                											_t35 =  *_t76;
                                                                                                                                                											__eflags = _t73;
                                                                                                                                                											if(_t73 != 0) {
                                                                                                                                                												_t72 =  *_t73;
                                                                                                                                                												continue;
                                                                                                                                                											} else {
                                                                                                                                                												_t76 =  &(_t76[2]);
                                                                                                                                                												_t52 = _t52 - 1;
                                                                                                                                                												__eflags = _t52;
                                                                                                                                                												if(_t52 != 0) {
                                                                                                                                                													goto L7;
                                                                                                                                                												} else {
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                										} else {
                                                                                                                                                											_t47 =  *((intOrPtr*)(_t46 - 0x38));
                                                                                                                                                											_t67 =  *((intOrPtr*)(_t72 - 0x38));
                                                                                                                                                											_t62 =  *_t47;
                                                                                                                                                											__eflags =  *_t47 -  *_t67;
                                                                                                                                                											if( *_t47 !=  *_t67) {
                                                                                                                                                												goto L14;
                                                                                                                                                											} else {
                                                                                                                                                												__eflags = _t67 + 1;
                                                                                                                                                												E0040759C(_t47 + 1, _t62, _t67 + 1);
                                                                                                                                                												if(__eflags == 0) {
                                                                                                                                                													goto L17;
                                                                                                                                                												} else {
                                                                                                                                                													goto L14;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                										}
                                                                                                                                                										goto L26;
                                                                                                                                                									}
                                                                                                                                                									break;
                                                                                                                                                								}
                                                                                                                                                								L17:
                                                                                                                                                								_t36 = _a4.ExceptionRecord;
                                                                                                                                                								__eflags = _t36->ExceptionCode - 0xeedfade;
                                                                                                                                                								_t64 = _t36->ExceptionInformation[1];
                                                                                                                                                								_t58 = _t36->ExceptionInformation;
                                                                                                                                                								if(_t36->ExceptionCode == 0xeedfade) {
                                                                                                                                                									__eflags =  *0x45802d - 1;
                                                                                                                                                									if( *0x45802d <= 1) {
                                                                                                                                                										goto L25;
                                                                                                                                                									}
                                                                                                                                                									__eflags =  *0x45802c;
                                                                                                                                                									if( *0x45802c > 0) {
                                                                                                                                                										goto L25;
                                                                                                                                                									}
                                                                                                                                                									_t42 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                									__eflags = _t42;
                                                                                                                                                									_t58 = _t58;
                                                                                                                                                									_t64 = _t64;
                                                                                                                                                									_t36 = _t36;
                                                                                                                                                									if(_t42 != 0) {
                                                                                                                                                										goto L25;
                                                                                                                                                									}
                                                                                                                                                								} else {
                                                                                                                                                									_t44 = E0040620C( *0x45a014(), _a12);
                                                                                                                                                									__eflags =  *0x45802d;
                                                                                                                                                									if( *0x45802d <= 0) {
                                                                                                                                                										L21:
                                                                                                                                                										_t64 = _t44;
                                                                                                                                                										_t36 = _a4.ExceptionRecord;
                                                                                                                                                										_t58 = _t36->ExceptionAddress;
                                                                                                                                                										L25:
                                                                                                                                                										_t36->ExceptionFlags = _t36->ExceptionFlags | 0x00000002;
                                                                                                                                                										 *0x45a01c(_a8, 0x406554, _t36, 0, _t76, _t58, _t64, _t36,  *[fs:ebx]);
                                                                                                                                                										_pop(_t55);
                                                                                                                                                										_t38 = E0040AA20();
                                                                                                                                                										_push( *_t38);
                                                                                                                                                										 *_t38 = _t82;
                                                                                                                                                										 *((intOrPtr*)(_v8 + 4)) = E00406580;
                                                                                                                                                										E00406248(_v44, _t55, _t76);
                                                                                                                                                										goto ( *((intOrPtr*)(_t55 + 4)));
                                                                                                                                                									}
                                                                                                                                                									__eflags =  *0x45802c;
                                                                                                                                                									if( *0x45802c > 0) {
                                                                                                                                                										goto L21;
                                                                                                                                                									}
                                                                                                                                                									_t45 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                									__eflags = _t45;
                                                                                                                                                									_t44 = _t44;
                                                                                                                                                									if(_t45 != 0) {
                                                                                                                                                										goto L21;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L26:
                                                                                                                                                				return 1;
                                                                                                                                                			}
                                                                                                                                                0x0040641e
                                                                                                                                                0x0040641e
                                                                                                                                                0x0040641e
                                                                                                                                                0x0040641e
                                                                                                                                                0x00406420
                                                                                                                                                0x0040642b
                                                                                                                                                0x00406437
                                                                                                                                                0x0040645b
                                                                                                                                                0x00000000
                                                                                                                                                0x00406439
                                                                                                                                                0x00406439
                                                                                                                                                0x0040643a
                                                                                                                                                0x0040643f
                                                                                                                                                0x00406447
                                                                                                                                                0x0040644d
                                                                                                                                                0x00406451
                                                                                                                                                0x0040645d
                                                                                                                                                0x00406461
                                                                                                                                                0x00406462
                                                                                                                                                0x00406463
                                                                                                                                                0x00406464
                                                                                                                                                0x00406465
                                                                                                                                                0x00406468
                                                                                                                                                0x0040646b
                                                                                                                                                0x0040646b
                                                                                                                                                0x0040646e
                                                                                                                                                0x00406470
                                                                                                                                                0x00406470
                                                                                                                                                0x00406470
                                                                                                                                                0x00406472
                                                                                                                                                0x00406474
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406476
                                                                                                                                                0x0040647c
                                                                                                                                                0x0040647c
                                                                                                                                                0x0040647e
                                                                                                                                                0x00406480
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406485
                                                                                                                                                0x00406488
                                                                                                                                                0x004064a1
                                                                                                                                                0x004064a1
                                                                                                                                                0x004064a4
                                                                                                                                                0x004064a6
                                                                                                                                                0x004064a8
                                                                                                                                                0x0040647a
                                                                                                                                                0x00000000
                                                                                                                                                0x004064aa
                                                                                                                                                0x004064aa
                                                                                                                                                0x004064ad
                                                                                                                                                0x004064ad
                                                                                                                                                0x004064ae
                                                                                                                                                0x00000000
                                                                                                                                                0x004064b0
                                                                                                                                                0x004064b3
                                                                                                                                                0x004064ae
                                                                                                                                                0x0040648a
                                                                                                                                                0x0040648a
                                                                                                                                                0x0040648d
                                                                                                                                                0x00406492
                                                                                                                                                0x00406494
                                                                                                                                                0x00406496
                                                                                                                                                0x00000000
                                                                                                                                                0x00406498
                                                                                                                                                0x00406499
                                                                                                                                                0x0040649a
                                                                                                                                                0x0040649f
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040649f
                                                                                                                                                0x00406496
                                                                                                                                                0x00000000
                                                                                                                                                0x00406488
                                                                                                                                                0x00000000
                                                                                                                                                0x0040647c
                                                                                                                                                0x004064b9
                                                                                                                                                0x004064b9
                                                                                                                                                0x004064bd
                                                                                                                                                0x004064c3
                                                                                                                                                0x004064c6
                                                                                                                                                0x004064c9
                                                                                                                                                0x0040650c
                                                                                                                                                0x00406513
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406515
                                                                                                                                                0x0040651c
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406526
                                                                                                                                                0x0040652b
                                                                                                                                                0x0040652e
                                                                                                                                                0x0040652f
                                                                                                                                                0x00406530
                                                                                                                                                0x00406531
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004064cb
                                                                                                                                                0x004064d5
                                                                                                                                                0x004064da
                                                                                                                                                0x004064e1
                                                                                                                                                0x00406501
                                                                                                                                                0x00406501
                                                                                                                                                0x00406503
                                                                                                                                                0x00406507
                                                                                                                                                0x00406533
                                                                                                                                                0x00406540
                                                                                                                                                0x0040654e
                                                                                                                                                0x00406554
                                                                                                                                                0x00406559
                                                                                                                                                0x0040655e
                                                                                                                                                0x00406564
                                                                                                                                                0x0040656d
                                                                                                                                                0x00406578
                                                                                                                                                0x0040657d

                                                                                                                                                APIs
                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,00000000), ref: 004064F2
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                • String ID: '@
                                                                                                                                                • API String ID: 3192549508-1210607465
                                                                                                                                                • Opcode ID: 14a5f145026a9e8308c0aea04e3a8ceea458f2e6719b8d6534c032ee58cb043c
                                                                                                                                                • Instruction ID: d9945ef524c90c6bd9f30337c6b4db501bb7818b994dcb4b19a5ad409a67f04d
                                                                                                                                                • Opcode Fuzzy Hash: 14a5f145026a9e8308c0aea04e3a8ceea458f2e6719b8d6534c032ee58cb043c
                                                                                                                                                • Instruction Fuzzy Hash: 8E419E70204200AFD720DF14EC84B6BB7A5EB84714F16857AE446A73D2D738EC61CB69
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                			E00405CA5(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				struct _EXCEPTION_RECORD* _t22;
                                                                                                                                                				intOrPtr* _t25;
                                                                                                                                                				long _t28;
                                                                                                                                                				long _t30;
                                                                                                                                                				long _t31;
                                                                                                                                                				long _t32;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t38;
                                                                                                                                                				long _t41;
                                                                                                                                                				intOrPtr* _t43;
                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                				void* _t45;
                                                                                                                                                				void* _t47;
                                                                                                                                                				void* _t48;
                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                
                                                                                                                                                				_t48 = __ebp;
                                                                                                                                                				_t47 = __esi;
                                                                                                                                                				_t45 = __edi;
                                                                                                                                                				_t33 = __ebx;
                                                                                                                                                				_t22 = _a4.ExceptionRecord;
                                                                                                                                                				if((_t22->ExceptionFlags & 0x00000006) == 0) {
                                                                                                                                                					_t41 = _t22->ExceptionInformation[1];
                                                                                                                                                					_t38 = _t22->ExceptionInformation;
                                                                                                                                                					if(_t22->ExceptionCode == 0xeedfade) {
                                                                                                                                                						L11:
                                                                                                                                                						if( *0x45802d <= 1 ||  *0x45802c > 0) {
                                                                                                                                                							goto L14;
                                                                                                                                                						}
                                                                                                                                                						_t28 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                						_t38 = _t38;
                                                                                                                                                						_t41 = _t41;
                                                                                                                                                						_t22 = _t22;
                                                                                                                                                						if(_t28 != 0) {
                                                                                                                                                							goto L14;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						asm("cld");
                                                                                                                                                						E004055E8(_t22);
                                                                                                                                                						_t43 =  *0x45a014; // 0x0
                                                                                                                                                						if(_t43 != 0) {
                                                                                                                                                							_t30 =  *_t43();
                                                                                                                                                							if(_t30 != 0) {
                                                                                                                                                								_t44 = _a12;
                                                                                                                                                								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
                                                                                                                                                									L10:
                                                                                                                                                									_t41 = _t30;
                                                                                                                                                									_t22 = _a4.ExceptionRecord;
                                                                                                                                                									_t38 = _t22->ExceptionAddress;
                                                                                                                                                									goto L11;
                                                                                                                                                								} else {
                                                                                                                                                									_t30 = E0040620C(_t30, _t44);
                                                                                                                                                									if( *0x45802d <= 0 ||  *0x45802c > 0) {
                                                                                                                                                										goto L10;
                                                                                                                                                									} else {
                                                                                                                                                										_t31 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                										_t32 = _t30;
                                                                                                                                                										if(_t31 != 0) {
                                                                                                                                                											_t41 = _t32;
                                                                                                                                                											_t22 = _a4.ExceptionRecord;
                                                                                                                                                											_t38 = _t22->ExceptionAddress;
                                                                                                                                                											L14:
                                                                                                                                                											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
                                                                                                                                                											 *0x45a01c(_a8, 0x4063cc, _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33);
                                                                                                                                                											_t46 = _v8;
                                                                                                                                                											_t25 = E0040AA20();
                                                                                                                                                											_push( *_t25);
                                                                                                                                                											 *_t25 = _t50;
                                                                                                                                                											 *((intOrPtr*)(_v8 + 4)) = E004063F8;
                                                                                                                                                											E0040625C(_t25,  *((intOrPtr*)(_t46 + 4)) + 5);
                                                                                                                                                											goto __ebx;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return 1;
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0040635E
                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 0040639B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000004.00000002.402849297.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 00000004.00000002.402832526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402874922.0000000000412000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402934833.000000000045E000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402950145.0000000000461000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.402985294.0000000000463000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403007918.0000000000472000.00000040.00020000.sdmp
                                                                                                                                                 • Associated: 00000004.00000002.403677906.000000000068F000.00000008.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_detection.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                • String ID: '@
                                                                                                                                                • API String ID: 3192549508-1210607465
                                                                                                                                                • Opcode ID: 04b40ad9b2f2c5d806417b637208c4494d4b728bbd3315b03ed6050750cd16cf
                                                                                                                                                • Instruction ID: 4f091763deb142c0f653f44d50732f5a11c5928c85bd7cd2ea70200cac19ae9c
                                                                                                                                                • Opcode Fuzzy Hash: 04b40ad9b2f2c5d806417b637208c4494d4b728bbd3315b03ed6050750cd16cf
                                                                                                                                                • Instruction Fuzzy Hash: A23180B0604300AFD724DB14C884F6B77A5EB84714F16C57EE80AA72D2CB78EC61DB69
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Executed Functions

                                                                                                                                                Strings
                                                                                                                                                • CURLOPT_PROTOCOLS, xrefs: 0040DB22
                                                                                                                                                • CURLOPT_SSL_SESSIONID_CACHE, xrefs: 0040D8E2
                                                                                                                                                • CURLOPT_GSSAPI_DELEGATION, xrefs: 0040DD66
                                                                                                                                                • CURLOPT_REDIR_PROTOCOLS, xrefs: 0040DB65
                                                                                                                                                • CURLOPT_EXPECT_100_TIMEOUT_MS, xrefs: 0040DF30
                                                                                                                                                • CURLOPT_MAIL_AUTH, xrefs: 0040DDEE
                                                                                                                                                • CURLOPT_TLSAUTH_TYPE, xrefs: 0040DD31
                                                                                                                                                • Throwing away %I64d bytes, xrefs: 0040E226
                                                                                                                                                • http, xrefs: 0040E12F, 0040E2E8
                                                                                                                                                • Metalink: fetching (%s) from (%s) FAILED (HTTP status code %d), xrefs: 0040E347
                                                                                                                                                • %s%s, xrefs: 0040EAAA
                                                                                                                                                • CURLOPT_LOCALPORTRANGE, xrefs: 0040D87D
                                                                                                                                                • CURLOPT_FTP_ALTERNATIVE_TO_USER, xrefs: 0040D8AE
                                                                                                                                                • CURLOPT_FTP_SKIP_PASV_IP, xrefs: 0040D7E3
                                                                                                                                                • ^, xrefs: 0040EB5E
                                                                                                                                                • Metalink: fetching (%s) from (%s) FAILED (%s), xrefs: 0040E398
                                                                                                                                                • CURLOPT_MAIL_FROM, xrefs: 0040DA86
                                                                                                                                                • CURLOPT_HTTP_TRANSFER_DECODING, xrefs: 0040D942
                                                                                                                                                • CURLOPT_PROXY_SERVICE_NAME, xrefs: 0040D715
                                                                                                                                                • CURLOPT_SSL_ENABLE_NPN, xrefs: 0040DE52
                                                                                                                                                • CURLOPT_DEFAULT_PROTOCOL, xrefs: 0040DEF7
                                                                                                                                                • CURLOPT_SERVICE_NAME, xrefs: 0040D74C
                                                                                                                                                • CURLOPT_HEADERDATA, xrefs: 0040DC0F
                                                                                                                                                • CURLOPT_SOCKS5_GSSAPI_NEC, xrefs: 0040D6DE
                                                                                                                                                • If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 0040EA9C
                                                                                                                                                • CURLOPT_TLSAUTH_PASSWORD, xrefs: 0040DCFA
                                                                                                                                                • @`L, xrefs: 0040DCA0
                                                                                                                                                • CURLOPT_FTP_FILEMETHOD, xrefs: 0040D817
                                                                                                                                                • CURLOPT_TLSAUTH_USERNAME, xrefs: 0040DCC3
                                                                                                                                                • curl: Saved to filename '%s', xrefs: 0040E051
                                                                                                                                                • CURLOPT_LOCALPORT, xrefs: 0040D850
                                                                                                                                                • CURLOPT_IGNORE_CONTENT_LENGTH, xrefs: 0040D7AD
                                                                                                                                                • CURLOPT_IPRESOLVE, xrefs: 0040D52C, 0040D561, 0040D595
                                                                                                                                                • Transient problem: %s Will retry in %ld seconds. %ld retries left., xrefs: 0040E1BD
                                                                                                                                                • CURLOPT_RESOLVE, xrefs: 0040DC46
                                                                                                                                                • CURLOPT_HTTP_CONTENT_DECODING, xrefs: 0040D917
                                                                                                                                                • ', xrefs: 0040DDFD
                                                                                                                                                • CURLOPT_USE_SSL, xrefs: 0040D5D1, 0040D61B, 0040D65D
                                                                                                                                                • CURLOPT_FTP_ACCOUNT, xrefs: 0040D779
                                                                                                                                                • CURLOPT_SASL_IR, xrefs: 0040DE1E
                                                                                                                                                • curl: (%d) %s, xrefs: 0040EA80
                                                                                                                                                • failed to truncate, exiting, xrefs: 0040E28E
                                                                                                                                                • CURLOPT_MAIL_RCPT, xrefs: 0040DAB8
                                                                                                                                                • Error setting extended attributes: %s, xrefs: 0040EB13
                                                                                                                                                • CURLOPT_TCP_KEEPINTVL, xrefs: 0040D9E5
                                                                                                                                                • CURLOPT_FTP_SSL_CCC, xrefs: 0040D69D
                                                                                                                                                • CURLOPT_HEADERFUNCTION, xrefs: 0040DBBD
                                                                                                                                                • CURLOPT_SSL_ENABLE_ALPN, xrefs: 0040DE87
                                                                                                                                                • CURLOPT_TFTP_BLKSIZE, xrefs: 0040DA4F
                                                                                                                                                • CURLOPT_TCP_KEEPIDLE, xrefs: 0040D9B8
                                                                                                                                                • CURLOPT_FTP_USE_PRET, xrefs: 0040DAE6
                                                                                                                                                • CURLOPT_UNIX_SOCKET_PATH, xrefs: 0040DEC3
                                                                                                                                                • More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 0040EAA3
                                                                                                                                                • CURLOPT_SSL_OPTIONS, xrefs: 0040DDB6
                                                                                                                                                • CURLOPT_MAXFILESIZE_LARGE, xrefs: 0040D4FA
                                                                                                                                                • (%d) Failed writing body, xrefs: 0040EB54
                                                                                                                                                • CURLOPT_CONNECT_TO, xrefs: 0040DC79
                                                                                                                                                • CURLOPT_TFTP_NO_OPTIONS, xrefs: 0040DF68
                                                                                                                                                • CURLOPT_TCP_KEEPALIVE, xrefs: 0040D97B, 0040DA15
                                                                                                                                                • Metalink: fetching (%s) from (%s) OK, xrefs: 0040E426
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
• String ID: %s%s$(%d) Failed writing body$@`L$CURLOPT_CONNECT_TO$CURLOPT_DEFAULT_PROTOCOL$CURLOPT_EXPECT_100_TIMEOUT_MS$CURLOPT_FTP_ACCOUNT$CURLOPT_FTP_ALTERNATIVE_TO_USER$CURLOPT_FTP_FILEMETHOD$CURLOPT_FTP_SKIP_PASV_IP$CURLOPT_FTP_SSL_CCC$CURLOPT_FTP_USE_PRET$CURLOPT_GSSAPI_DELEGATION$CURLOPT_HEADERDATA$CURLOPT_HEADERFUNCTION$CURLOPT_HTTP_CONTENT_DECODING$CURLOPT_HTTP_TRANSFER_DECODING$CURLOPT_IGNORE_CONTENT_LENGTH$CURLOPT_IPRESOLVE$CURLOPT_LOCALPORT$CURLOPT_LOCALPORTRANGE$CURLOPT_MAIL_AUTH$CURLOPT_MAIL_FROM$CURLOPT_MAIL_RCPT$CURLOPT_MAXFILESIZE_LARGE$CURLOPT_PROTOCOLS$CURLOPT_PROXY_SERVICE_NAME$CURLOPT_REDIR_PROTOCOLS$CURLOPT_RESOLVE$CURLOPT_SASL_IR$CURLOPT_SERVICE_NAME$CURLOPT_SOCKS5_GSSAPI_NEC$CURLOPT_SSL_ENABLE_ALPN$CURLOPT_SSL_ENABLE_NPN$CURLOPT_SSL_OPTIONS$CURLOPT_SSL_SESSIONID_CACHE$CURLOPT_TCP_KEEPALIVE$CURLOPT_TCP_KEEPIDLE$CURLOPT_TCP_KEEPINTVL$CURLOPT_TFTP_BLKSIZE$CURLOPT_TFTP_NO_OPTIONS$CURLOPT_TLSAUTH_PASSWORD$CURLOPT_TLSAUTH_TYPE$CURLOPT_TLSAUTH_USERNAME$CURLOPT_UNIX_SOCKET_PATH$CURLOPT_USE_SSL$Error setting extended attributes: %s$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$Metalink: fetching (%s) from (%s) FAILED (%s)$Metalink: fetching (%s) from (%s) FAILED (HTTP status code %d)$Metalink: fetching (%s) from (%s) OK$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $Throwing away %I64d bytes$Transient problem: %s Will retry in %ld seconds. %ld retries left.$curl: (%d) %s$curl: Saved to filename '%s'$failed to truncate, exiting$http$^$'
                                                                                                                                                • API String ID: 0-2543072273
                                                                                                                                                • Opcode ID: 5529bc182b7da6ad1b8dc8b5bea0c283b6cc53f1644420080a1c34297545c681
                                                                                                                                                • Instruction ID: 21937a47350052fe6363d520302cc8fa78568f0ffb025e04b0ac014b9d5224f6
                                                                                                                                                • Opcode Fuzzy Hash: 5529bc182b7da6ad1b8dc8b5bea0c283b6cc53f1644420080a1c34297545c681
                                                                                                                                                • Instruction Fuzzy Hash: A4A28E7170878086DB64CB67E44479B77A4FB88784F04052BEF89A77A9DB3CC946CB09
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (rendered graph omitted; function at 46d1d0, basic blocks 46d1d0-46d60c; API call sites: GetUserDefaultLCID, GetUserDefaultLangID, EnumSystemLocalesA, GetLocaleInfoA (four sites), IsValidCodePage, IsValidLocale; internal calls to 46d060, 46d130, 465510, 471050, 4713e0, 4743f0)
                                                                                                                                                APIs
                                                                                                                                                • GetUserDefaultLCID.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D25B
                                                                                                                                                • EnumSystemLocalesA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D419
                                                                                                                                                • GetUserDefaultLangID.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D474
                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D4E0
                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D50B
                                                                                                                                                • IsValidCodePage.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D533
                                                                                                                                                • IsValidLocale.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D54C
                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D5C2
                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0046396C), ref: 0046D5E5
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Locale$Info$DefaultUserValid$CodeEnumLangLocalesPageSystem
                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                • API String ID: 4167469521-711371036
                                                                                                                                                • Opcode ID: 90aca2ada9d41e04dc76a7d4600a8a0d2b031e80dbb9359b5e3a9eba5e97c041
                                                                                                                                                • Instruction ID: 89255832a6a225acc97a27ebe2910fe0d72484697f73d6251c56c13e74966a2f
                                                                                                                                                • Opcode Fuzzy Hash: 90aca2ada9d41e04dc76a7d4600a8a0d2b031e80dbb9359b5e3a9eba5e97c041
                                                                                                                                                • Instruction Fuzzy Hash: 76B189B1F05B4086EB60CF12E944B6A33A4F744B84F58412ADB8987B64FF7CD985C70A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (rendered graph omitted; function at 42c2e0, basic blocks 42c2e0-42c48c; API call sites: GetModuleHandleA, GetProcAddress (two sites), LoadLibraryA (two sites), LoadLibraryExA, GetSystemDirectoryA (two sites); internal call to 461fa0)
                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNELBASE(?,?,?,?,?,?,00418E28,?,?,?,?,0042FAA9), ref: 0042C2FF
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,00418E28,?,?,?,?,0042FAA9), ref: 0042C330
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: AddDllDirectory$LoadLibraryExA$kernel32
                                                                                                                                                • API String ID: 1646373207-3327535076
                                                                                                                                                • Opcode ID: 75d95d9e1ef5d731eed0b49f35cadfd7614023738d8931bdcf1cb98430b2f29a
                                                                                                                                                • Instruction ID: 0918accc6cb6d2e12088cb3c840581236fffc5715161b03d456abdf7b6bcb5f3
                                                                                                                                                • Opcode Fuzzy Hash: 75d95d9e1ef5d731eed0b49f35cadfd7614023738d8931bdcf1cb98430b2f29a
                                                                                                                                                • Instruction Fuzzy Hash: 8341C365705A9085DA14DF26B85032E7360FB89FE4F9C4625EE6E47BA8EF7CC405C708
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
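The routine at 42c2e0 resolves kernel32 exports by name (the Similarity strings AddDllDirectory, LoadLibraryExA and kernel32) and has three distinct load paths in the graph: LoadLibraryExA once AddDllDirectory is found, a direct LoadLibraryA, and a GetSystemDirectoryA fallback that builds an absolute path before calling LoadLibraryA. That is the hardened DLL-loading pattern used to avoid search-order hijacking, and together with the snapshot name (curl_x64) it is consistent with curl's Curl_load_library; that attribution is an inference, not something the report states. The C below is an added example and is not the sample's code or curl's code: it reproduces the same decision logic as portable functions so the security-relevant parts can be compiled and tested anywhere, and keeps the Win32 calls behind _WIN32. The function names, the constructed DLL names and the fallback definition of LOAD_LIBRARY_SEARCH_SYSTEM32 for old SDKs are the example's own choices.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The three outcomes of the loader's decision, matching the three
 * branches in the control-flow graph: (1) the caller already supplied a
 * directory, (2) AddDllDirectory is exported, so LoadLibraryExA can be
 * told to search System32 only, (3) older Windows: build an absolute
 * System32 path and load that, never a bare file name. */
typedef enum {
    LOAD_WITH_GIVEN_PATH,
    LOAD_SEARCH_SYSTEM32,
    LOAD_ABSOLUTE_SYSTEMDIR
} load_strategy;

/* Pure decision logic; runs on any platform (example code). */
load_strategy choose_load_strategy(const char *filename, bool have_add_dll_directory)
{
    /* A backslash or forward slash means the caller gave a path. */
    if (strchr(filename, '\\') || strchr(filename, '/'))
        return LOAD_WITH_GIVEN_PATH;
    if (have_add_dll_directory)
        return LOAD_SEARCH_SYSTEM32;
    return LOAD_ABSOLUTE_SYSTEMDIR;
}

/* Build "<systemdir>\<filename>" on the heap; the caller frees it.
 * Returns NULL on allocation failure. Mirrors the GetSystemDirectoryA
 * plus concatenation loop in blocks 1436-1452 of the graph. */
char *build_system_dll_path(const char *systemdir, const char *filename)
{
    size_t dirlen = strlen(systemdir);
    size_t namelen = strlen(filename);
    char *path = malloc(dirlen + 1 + namelen + 1);
    if (!path)
        return NULL;
    memcpy(path, systemdir, dirlen);
    path[dirlen] = '\\';
    memcpy(path + dirlen + 1, filename, namelen + 1); /* copies the NUL too */
    return path;
}

#ifdef _WIN32
#include <windows.h>
#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32
#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800 /* assumed absent from old SDKs */
#endif
typedef HMODULE (WINAPI *LoadLibraryExA_fn)(LPCSTR, HANDLE, DWORD);

/* Windows-only: the real loader, resolving kernel32 exports by name the
 * way blocks 1429, 1430 and 1437 do. */
HMODULE safe_load_library(const char *filename)
{
    HMODULE k32 = GetModuleHandleA("kernel32");
    if (!k32)
        return NULL;
    LoadLibraryExA_fn pLoadLibraryExA =
        (LoadLibraryExA_fn)GetProcAddress(k32, "LoadLibraryExA");
    bool have_add_dll_dir =
        pLoadLibraryExA && GetProcAddress(k32, "AddDllDirectory") != NULL;

    switch (choose_load_strategy(filename, have_add_dll_dir)) {
    case LOAD_WITH_GIVEN_PATH:
        return pLoadLibraryExA
            ? pLoadLibraryExA(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH)
            : LoadLibraryA(filename);
    case LOAD_SEARCH_SYSTEM32:
        return pLoadLibraryExA(filename, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    case LOAD_ABSOLUTE_SYSTEMDIR: {
        UINT n = GetSystemDirectoryA(NULL, 0); /* required size incl. NUL */
        if (!n)
            return NULL;
        char *sysdir = malloc(n);
        if (!sysdir || !GetSystemDirectoryA(sysdir, n)) {
            free(sysdir);
            return NULL;
        }
        char *path = build_system_dll_path(sysdir, filename);
        free(sysdir);
        HMODULE h = path ? LoadLibraryA(path) : NULL;
        free(path);
        return h;
    }
    }
    return NULL;
}
#endif

int main(void)
{
    /* Constructed inputs for a stand-alone run. */
    const char *names[] = { "ws2_32.dll", "C:\\tools\\x.dll" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> strategy %d\n", names[i], (int)choose_load_strategy(names[i], false));
    char *p = build_system_dll_path("C:\\Windows\\system32", "ws2_32.dll");
    if (p) {
        printf("%s\n", p);
        free(p);
    }
    return 0;
}
```

The point of the pattern is that a bare file name is never handed to the default search order: either the system directory is named explicitly, or LoadLibraryExA is restricted to it. When triaging a binary, seeing this shape in a loader routine is a sign of hardening rather than of malicious dynamic API resolution, even though both resolve imports through GetProcAddress.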

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Heap$AllocProcessVersion
• String ID:
• API String ID: 3730437025-0
• Opcode ID: d755c3607a27c761b8ec831016487170296bc1da3fa8a8d476f5fa12b9b45c7a
• Instruction ID: b4441600fceb0865e0b1e12c86e58dc29905e94a58f157920d75ed8d958f895d
• Opcode Fuzzy Hash: d755c3607a27c761b8ec831016487170296bc1da3fa8a8d476f5fa12b9b45c7a
• Instruction Fuzzy Hash: 173149BA60574087FB54EF66E84072A73A5BB85B85F44406ADB0987361FBBCC844CB1A
Uniqueness

Uniqueness Score: -1.00%

Strings
• English_United States.1252, xrefs: 00463913
• English_United States.1252, xrefs: 004638D7
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: English_United States.1252$English_United States.1252
• API String ID: 0-3610643126
• Opcode ID: 71d3fd5140f11c6d3feabbd69dfa5123e4962ecbde24ddef2f7bafdcfe608574
• Instruction ID: 575f30fa8187724f45dea64bbe663b12c31ad213965e905c71c7e0617e01a979
• Opcode Fuzzy Hash: 71d3fd5140f11c6d3feabbd69dfa5123e4962ecbde24ddef2f7bafdcfe608574
• Instruction Fuzzy Hash: 9551E9A16087C185EB21CF66A4103BB77A0F756789F488017EEDA53715FB3CCA09C70A
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: recv
• String ID:
• API String ID: 1507349165-0
• Opcode ID: 9acf59ad7c39a43b3af5afe6d0c4ba5654e2f16b7294665b94318116609b09fd
• Instruction ID: 436a8884f2c7b4bbc5f9e3cfb9331bfd6939499af379b40f0f21ffba31ba4c44
• Opcode Fuzzy Hash: 9acf59ad7c39a43b3af5afe6d0c4ba5654e2f16b7294665b94318116609b09fd
• Instruction Fuzzy Hash: C121A036305E9092C7948F55B9A47DA7760F708BA8FA8133ADF59077A8CF38E460C314
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CountTick
• String ID:
• API String ID: 536389180-0
• Opcode ID: 1c912f1128a623c9007abc0841340ae11f9c59ea0b79cae281a3fe5e646b25af
• Instruction ID: 904c673a2e8d09cb7cfff9bd8ed88d75672d7972fc047c65c6a8b002c88ab47e
• Opcode Fuzzy Hash: 1c912f1128a623c9007abc0841340ae11f9c59ea0b79cae281a3fe5e646b25af
• Instruction Fuzzy Hash: 4DA1B136305F9082DB248F1AF44436A7365FB85B98FA48217DF6A97795DB3CC845C708
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 752a5ef40430fc721eb8dd3cc7e6b5c2b1bef61e62a4d4767349bfc46ee64a49
• Instruction ID: d39571d9d016bfee2ccdbcc0e4b687b3c0616f6889c26443bea1a9a1bd195a17
• Opcode Fuzzy Hash: 752a5ef40430fc721eb8dd3cc7e6b5c2b1bef61e62a4d4767349bfc46ee64a49
• Instruction Fuzzy Hash: BF41C266711F9082DB158F2DE41476A7360FB95BA8FD49603CE6E533A5EA3DC846C30C
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9dcbf5b0611664db341e6f8fa95ca532a0405b2ec4805990c8d56426f62f6a42
• Instruction ID: a6f127e405681484034e4f136de57cc87cd5650d8cc517fc711fafa4023a585e
• Opcode Fuzzy Hash: 9dcbf5b0611664db341e6f8fa95ca532a0405b2ec4805990c8d56426f62f6a42
• Instruction Fuzzy Hash: 2941D066711F9481DB158F2AE0507AA7360FB45B98FD995038F6E533A5EA3DC806C30C
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 15cf6ff6068f1aefd8cde0f4797e900675a2961aea8ffb5410dc77bf10ba7701
• Instruction ID: 72d64ef69885ab0381db91847118acb8c57dabcc9e5ec4491b99c3c93682961e
• Opcode Fuzzy Hash: 15cf6ff6068f1aefd8cde0f4797e900675a2961aea8ffb5410dc77bf10ba7701
• Instruction Fuzzy Hash: 5F41B166711B9481DB168F2DE0543AA7360FB45B9CFD89513CE6E633A5EA3DC446C308
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 43fb97d080116a169e993e2439b1b7c44de214b4b17218f158e01b01894c0399
• Instruction ID: df915c0c4f188fb9fa57c91e7582e3c633ea01054f8a00ed88f8f181cccb51fb
• Opcode Fuzzy Hash: 43fb97d080116a169e993e2439b1b7c44de214b4b17218f158e01b01894c0399
• Instruction Fuzzy Hash: BD41C066711B9081DB158F2AE05036A7360FB85B9CFD895038E6E633A5EA3DC406C30C
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f861acb9317bb493e4f576a32fc0fb29d9c3f51f18b0681e9dca0dbc18f23c85
                                                                                                                                                • Instruction ID: d416542698e13315e08cf00a212c864cc0212cfad46da8b7b7e50194133755b5
                                                                                                                                                • Opcode Fuzzy Hash: f861acb9317bb493e4f576a32fc0fb29d9c3f51f18b0681e9dca0dbc18f23c85
                                                                                                                                                • Instruction Fuzzy Hash: 4B41C066715B9081DB158F2EE0503AAB360FB85B9CFD895038F6E633A5EA3DC406C30C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 32df73e087ec483995843cd37685e30cbe115a3ad390cb11fd28c9124aeff41c
                                                                                                                                                • Instruction ID: ddc2cbc0ffc55b3fc824dcd6efd17f85c35613fa138c7e01f101e7c66a756410
                                                                                                                                                • Opcode Fuzzy Hash: 32df73e087ec483995843cd37685e30cbe115a3ad390cb11fd28c9124aeff41c
                                                                                                                                                • Instruction Fuzzy Hash: D641C066715B9481DB158F2AE0503AA7360FB85B9CFD895038E6E633A5EA3DC406C30C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: aba636fd91792eeeadfabe62ff65efb0b35325993376ba682f5fce593f00dd83
                                                                                                                                                • Instruction ID: ed5af8601cc9e358c3f648788651ab3d2deb787692c6bc9de29acf85a7c101cc
                                                                                                                                                • Opcode Fuzzy Hash: aba636fd91792eeeadfabe62ff65efb0b35325993376ba682f5fce593f00dd83
                                                                                                                                                • Instruction Fuzzy Hash: F941C066711B9081DB158F2AE05436A7360FB85B9CFD895038E6E633A5EA3DC806C30C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 1226 468190-46819d call 4663b0 1229 4682e3-4682ec 1226->1229 1230 4681a3-4681b6 GetModuleHandleA 1226->1230 1231 4682fe-46830a call 466460 1229->1231 1232 4682ee-4682f4 FlsFree 1229->1232 1230->1229 1233 4681bc-468222 GetProcAddress * 4 1230->1233 1232->1231 1235 468224-46822c 1233->1235 1236 46823d-46826e 1233->1236 1235->1236 1238 46822e-468236 1235->1238 1239 468275-468287 1236->1239 1238->1236 1240 468238-46823b 1238->1240 1239->1231 1242 468289-46829e call 465f30 1239->1242 1240->1236 1240->1239 1242->1229 1245 4682a0-4682b1 FlsSetValue 1242->1245 1245->1229 1246 4682b3-4682e2 GetCurrentThreadId 1245->1246
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressProc$CurrentFreeHandleModuleThreadValue
                                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                                                                • API String ID: 2257066991-282957996
                                                                                                                                                • Opcode ID: 7471f566d92bc4738dd3f3e8d14d76683ef5a6ba43ce22ee506a5f27a6cf9714
                                                                                                                                                • Instruction ID: e9f4ce2e775d2ef4d1ced8282ebb08f926a3df6e436be582b34827586b672946
                                                                                                                                                • Opcode Fuzzy Hash: 7471f566d92bc4738dd3f3e8d14d76683ef5a6ba43ce22ee506a5f27a6cf9714
                                                                                                                                                • Instruction Fuzzy Hash: D341F5F0602F0186FB949B25EC5876533A5F748BA5F88426E8A1D473A0EF7CC486C71D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
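
The control_flow_graph lines in these entries are a flattened text rendering of the graph widget: each basic block appears as `<node id> <start>-<end>` (or a single address for a one-instruction block) followed by its annotations (`call <addr>`, a bare API name, or `<API> * <count>`), and each `<a>-><b>` token is an edge. The parser below is an added example for this page, not Joe Sandbox code and not code from the sample; it rebuilds blocks and edges from that text and walks the shortest path from the entry block to the first block that reaches a named API. The embedded dump is copied from the FlsAlloc/FlsFree/FlsGetValue/FlsSetValue entry above; the format rules are inferred from the dumps on this page, and treating the lowest start address as the function entry is an assumption.

```python
"""Rebuild basic blocks and edges from a flattened control_flow_graph text dump.

Added example for this report page, not Joe Sandbox or sample code. Format rules
are inferred from the dumps on the page: "<id> <start>[-<end>]" opens a block,
"<a>-><b>" is an edge, and annotations are "call <addr>", "<Api> * <count>" or
a bare API name. Assumption: the block with the lowest start address is the entry.
"""
import re
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Copied verbatim from the control_flow_graph line of the Fls* entry above.
CFG_DUMP = ("control_flow_graph 1226 468190-46819d call 4663b0 1229 4682e3-4682ec "
            "1226->1229 1230 4681a3-4681b6 GetModuleHandleA 1226->1230 1231 4682fe-46830a "
            "call 466460 1229->1231 1232 4682ee-4682f4 FlsFree 1229->1232 1230->1229 "
            "1233 4681bc-468222 GetProcAddress * 4 1230->1233 1235 468224-46822c 1233->1235 "
            "1236 46823d-46826e 1233->1236 1235->1236 1238 46822e-468236 1235->1238 "
            "1239 468275-468287 1236->1239 1238->1236 1240 468238-46823b 1238->1240 "
            "1239->1231 1242 468289-46829e call 465f30 1239->1242 1240->1236 1240->1239 "
            "1242->1229 1245 4682a0-4682b1 FlsSetValue 1242->1245 1245->1229 "
            "1246 4682b3-4682e2 GetCurrentThreadId 1245->1246")

ADDR_RE = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")  # "468190-46819d" or a lone "42b897"
EDGE_RE = re.compile(r"^(\d+)->(\d+)$")


@dataclass
class Block:
    node_id: int
    start: int
    end: int
    notes: List[str] = field(default_factory=list)  # annotation tokens, in dump order

    def apis(self) -> List[str]:
        """API names only: drops 'call <addr>' targets and '* <count>' multipliers."""
        out, skip = [], False
        for tok in self.notes:
            if skip:
                skip = False
            elif tok in ("call", "*"):
                skip = True
            else:
                out.append(tok)
        return out


def parse_cfg(dump: str) -> Tuple[Dict[int, Block], List[Tuple[int, int]]]:
    tokens = dump.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks: Dict[int, Block] = {}
    edges: List[Tuple[int, int]] = []
    current: Optional[Block] = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif tok in ("call", "*") and current is not None and i + 1 < len(tokens):
            # Keep the operand with its keyword so an all-digit call target such as
            # "466460" is never mistaken for the id of the next block.
            current.notes.extend(tokens[i:i + 2])
            i += 2
        elif tok.isdigit() and i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")
            current = Block(int(tok), int(lo, 16), int(hi or lo, 16))
            blocks[current.node_id] = current
            i += 2
        else:
            if current is not None:
                current.notes.append(tok)
            i += 1
    return blocks, edges


def successors(edges: List[Tuple[int, int]], node_id: int) -> List[int]:
    return sorted(b for a, b in edges if a == node_id)


def entry_block(blocks: Dict[int, Block]) -> int:
    """Assumed entry: the block with the lowest start address."""
    return min(blocks.values(), key=lambda b: b.start).node_id


def blocks_mentioning(blocks: Dict[int, Block], api_name: str) -> List[int]:
    return sorted(b.node_id for b in blocks.values() if api_name in b.apis())


def find_path(edges: List[Tuple[int, int]], src: int, dst: int) -> Optional[List[int]]:
    """Shortest src -> dst path over the edge list (BFS); None if unreachable."""
    succ: Dict[int, List[int]] = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    prev: Dict[int, Optional[int]] = {src: None}
    queue = deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            path = []
            while n is not None:
                path.append(n)
                n = prev[n]
            return path[::-1]
        for s in succ.get(n, []):
            if s not in prev:
                prev[s] = n
                queue.append(s)
    return None


def api_sequence(blocks: Dict[int, Block], edges: List[Tuple[int, int]], api_name: str) -> List[str]:
    """APIs met, in order, on the shortest path from the entry to the first block using api_name."""
    targets = blocks_mentioning(blocks, api_name)
    if not targets:
        return []
    path = find_path(edges, entry_block(blocks), targets[0])
    if path is None:
        return []
    seq: List[str] = []
    for n in path:
        seq.extend(blocks[n].apis())
    return seq


if __name__ == "__main__":
    blocks, edges = parse_cfg(CFG_DUMP)
    for b in sorted(blocks.values(), key=lambda x: x.start):
        print(f"{b.node_id} {b.start:06x}-{b.end:06x} {' '.join(b.notes):24} -> {successors(edges, b.node_id)}")
    print("entry to FlsSetValue:", api_sequence(blocks, edges, "FlsSetValue"))
```

Run against this entry, the path from 0x468190 goes GetModuleHandleA, GetProcAddress (four times), FlsSetValue, GetCurrentThreadId: the kernel32 exports listed in the String ID line (FlsAlloc, FlsFree, FlsGetValue, FlsSetValue) are resolved by name at runtime rather than through the import table. That is the shape a generic "dynamic API resolution" heuristic keys on, and on its own it is also consistent with ordinary C-runtime thread-local-storage setup, so it should be weighed together with the other findings rather than read as a hidden import by itself. The same parser handles the other control_flow_graph dumps in these entries, including single-address blocks such as `2033 42b89a`.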

                                                                                                                                                Control-flow Graph

control_flow_graph 2023 42b4b0-42b515 2024 42b517-42b51b 2023->2024 2025 42b51d 2023->2025 2026 42b520-42b558 call 4608a0 2024->2026 2025->2026 2029 42b570-42b583 socket 2026->2029 2030 42b55a-42b56e 2026->2030 2031 42b586-42b589 2029->2031 2030->2031 2033 42b89a 2031->2033 2034 42b58f-42b597 2031->2034 2035 42b89c-42b8f0 call 4743f0 2033->2035 2036 42b5a9-42b5b4 2034->2036 2037 42b599-42b5a5 2034->2037 2039 42b5ba-42b5bd 2036->2039 2040 42b68b-42b6a6 call 432080 2036->2040 2037->2036 2043 42b5c3-42b5dc call 432080 2039->2043 2044 42b6b8-42b6ea GetLastError call 4183d0 call 427290 2039->2044 2040->2044 2048 42b6a8-42b6b3 htons 2040->2048 2043->2044 2053 42b5e2-42b5e7 htons 2043->2053 2057 42b704-42b718 call 424380 closesocket 2044->2057 2058 42b6ec-42b6f3 2044->2058 2051 42b5ed-42b60b call 427190 2048->2051 2060 42b612-42b617 2051->2060 2061 42b60d-42b610 2051->2061 2053->2051 2057->2033 2062 42b6f5-42b6fb 2058->2062 2063 42b71d-42b732 call 424380 2058->2063 2066 42b634-42b63f call 42b0f0 2060->2066 2067 42b619-42b627 2060->2067 2061->2060 2061->2066 2062->2063 2068 42b6fd 2062->2068 2063->2033 2075 42b641-42b649 2066->2075 2076 42b656-42b661 2066->2076 2067->2066 2070 42b629-42b62f call 42b050 2067->2070 2068->2057 2070->2066 2075->2076 2077 42b64b-42b651 call 42a400 2075->2077 2078 42b750-42b753 2076->2078 2079 42b667-42b67c 2076->2079 2077->2076 2080 42b758-42b75f 2078->2080 2086 42b682-42b686 2079->2086 2087 42b737-42b739 2079->2087 2083 42b761-42b764 2080->2083 2084 42b766-42b787 call 451290 call 42a600 2080->2084 2083->2084 2088 42b7a6-42b7c6 call 402bd0 call 426bf0 2083->2088 2084->2088 2099 42b789-42b7a1 call 42b2d0 2084->2099 2086->2080 2090 42b755 2087->2090 2091 42b73b-42b74b call 42b2d0 2087->2091 2102 42b7d6-42b7d9 2088->2102 2103 42b7c8-42b7d1 call 424ac0 2088->2103 2090->2080 2091->2035 2099->2035 2106 42b897 2102->2106 2107 42b7df-42b7e6 2102->2107 2103->2102 2106->2033 2107->2106 2108 42b7ec-42b7f3 2107->2108 2109 42b810-42b816 WSAGetLastError 2108->2109 2110 42b7f5-42b80e connect 2108->2110 2111 42b818-42b82c 2109->2111 2110->2109 2110->2111 2112 42b82e-42b831 2111->2112 2113 42b88c-42b88e 2111->2113 2116 42b883-42b88a 2112->2116 2117 42b833-42b839 2112->2117 2114 42b893-42b895 2113->2114 2115 42b890 2113->2115 2114->2035 2115->2114 2116->2035 2118 42b843-42b881 call 4183d0 call 427190 call 42b2d0 2117->2118 2119 42b83b-42b841 2117->2119 2118->2035 2119->2116 2119->2118
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Immediate connect fail for %s: %s, xrefs: 0042B855
                                                                                                                                                • Trying %s..., xrefs: 0042B5F5
                                                                                                                                                • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0042B6D1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLasthtons$closesocketsocket
                                                                                                                                                • String ID: Trying %s...$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
                                                                                                                                                • API String ID: 353835356-3338264681
                                                                                                                                                • Opcode ID: c9796a9bd06a99a884cfa545187c5e507271d3cfe47e3771c63c6f503abb6cfe
                                                                                                                                                • Instruction ID: 38104ddd3c2303f1f259c8e6667e55f2ae5d563dcca4b3e6a367a0c68ed9cf83
                                                                                                                                                • Opcode Fuzzy Hash: c9796a9bd06a99a884cfa545187c5e507271d3cfe47e3771c63c6f503abb6cfe
                                                                                                                                                • Instruction Fuzzy Hash: 1EA1B1753146A086DB24EB16B58476F73A4F784B88F80442BEF5A87B44DB3CC841CB89
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 2126 42ad50-42ad85 2127 42b020-42b04c call 4743f0 2126->2127 2128 42ad8b-42ad92 2126->2128 2129 42ad98-42ad9f 2128->2129 2130 42af3c-42b01a 2128->2130 2129->2130 2132 42ada5-42adc4 getpeername 2129->2132 2130->2127 2134 42adf2-42ae21 call 460f80 getsockname 2132->2134 2135 42adc6-42aded WSAGetLastError call 4183d0 call 427290 2132->2135 2141 42ae23-42ae4a WSAGetLastError call 4183d0 call 427290 2134->2141 2142 42ae4f-42ae6c call 42acc0 2134->2142 2135->2127 2141->2127 2149 42ae9a-42af0e call 42acc0 2142->2149 2150 42ae6e-42ae95 GetLastError call 4183d0 call 427290 2142->2150 2149->2130 2157 42af10-42af37 GetLastError call 4183d0 call 427290 2149->2157 2150->2127 2157->2127
                                                                                                                                                APIs
                                                                                                                                                • getpeername.WS2_32 ref: 0042ADBC
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0042ADC6
                                                                                                                                                  • Part of subcall function 004183D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0041A288), ref: 004183E8
                                                                                                                                                  • Part of subcall function 004183D0: GetLastError.KERNEL32 ref: 004184C7
                                                                                                                                                  • Part of subcall function 004183D0: SetLastError.KERNEL32 ref: 004184D3
                                                                                                                                                • getsockname.WS2_32 ref: 0042AE19
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0042AE23
                                                                                                                                                Strings
                                                                                                                                                • getpeername() failed with errno %d: %s, xrefs: 0042ADD8
                                                                                                                                                • getsockname() failed with errno %d: %s, xrefs: 0042AE35
                                                                                                                                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0042AF22
                                                                                                                                                • ssrem inet_ntop() failed with errno %d: %s, xrefs: 0042AE80
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$getpeernamegetsockname
                                                                                                                                                • String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                                                                                                                                • API String ID: 1444953621-670633250
                                                                                                                                                • Opcode ID: 923a9864c86e7dadcd77240cf1aa241fdcd004b55161d5e425d97c478e0f648d
                                                                                                                                                • Instruction ID: e125c79b2ab55860f3ccaa2e7edf1b33c51e6f9ba2da33637a069ff8191aa17b
                                                                                                                                                • Opcode Fuzzy Hash: 923a9864c86e7dadcd77240cf1aa241fdcd004b55161d5e425d97c478e0f648d
                                                                                                                                                • Instruction Fuzzy Hash: 22715776302B84D6DB58CB2AE6847D9B3A0F748B84F948026DF9C87720EF38D166C715
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 2163 42bbf0-42bc4b 2164 42bc5b-42bc9f call 426bf0 2163->2164 2165 42bc4d-42bc56 2163->2165 2171 42bca1 2164->2171 2172 42bca4-42bca6 2164->2172 2166 42c09d-42c0d1 call 4743f0 2165->2166 2171->2172 2173 42bcc1 2172->2173 2174 42bca8-42bcaa 2172->2174 2177 42bcc4-42bcd6 call 426c30 2173->2177 2175 42bcbc-42bcbf 2174->2175 2176 42bcac-42bcae 2174->2176 2175->2177 2176->2177 2178 42bcb0-42bcba 2176->2178 2181 42bcd8-42bcdb 2177->2181 2182 42bcdd-42bcf1 call 427290 2177->2182 2178->2177 2181->2182 2183 42bcf6-42bd0c 2181->2183 2187 42c085-42c095 2182->2187 2186 42bd10-42bd22 2183->2186 2188 42bf43 2186->2188 2189 42bd28-42bd3c call 419080 2186->2189 2187->2166 2191 42bf47-42bf52 2188->2191 2196 42bd42-42bd5f call 426c30 2189->2196 2197 42bdc3-42bdc6 2189->2197 2191->2186 2193 42bf58-42bf5a 2191->2193 2194 42bf60-42bf65 2193->2194 2195 42c07d 2193->2195 2198 42bf82-42bf89 2194->2198 2199 42bf67-42bf7c call 42ba90 2194->2199 2195->2187 2216 42bd61-42bd78 call 427190 2196->2216 2217 42bd7c-42bd7f 2196->2217 2200 42bdf0-42be33 SleepEx getsockopt 2197->2200 2201 42bdc8-42bdcf 2197->2201 2204 42c038-42c03f 2198->2204 2205 42bf8f-42bf96 2198->2205 2199->2195 2199->2198 2208 42be35-42be3d WSAGetLastError 2200->2208 2209 42be3f 2200->2209 2201->2200 2206 42bdd1-42bdd3 2201->2206 2211 42c041-42c048 2204->2211 2212 42c04a 2204->2212 2213 42c051-42c079 call 4183d0 call 427290 2205->2213 2214 42be85-42be87 2206->2214 2215 42bdd9-42bdeb call 42ab30 2206->2215 2218 42be43-42be45 2208->2218 2209->2218 2211->2213 2212->2213 2213->2195 2223 42bf31-42bf35 2214->2223 2224 42be8d-42bea6 WSASetLastError 2214->2224 2215->2214 2216->2217 2226 42be72-42be77 2217->2226 2227 42bd85-42bd8a 2217->2227 2219 42be53 2218->2219 2220 42be47-42be4d 2218->2220 2231 42be55-42be5b 2219->2231 2220->2219 2230 42be4f-42be51 2220->2230 2223->2191 2234 42bf37-42bf3b 2224->2234 2235 42beac-42bef2 call 41b510 call 4183d0 call 427190 2224->2235 2226->2214 2228 42bd90-42bda4 call 426c30 2227->2228 2229 42be79-42be7e 2227->2229 2248 42be80 2228->2248 2249 42bdaa-42bdbe call 42ba90 2228->2249 2229->2214 2230->2231 2238 42be61-42be70 call 427190 2231->2238 2239 42bf9b-42bfd9 2231->2239 2234->2191 2265 42bef4-42bef7 2235->2265 2266 42bef9-42beff 2235->2266 2238->2214 2244 42bfdb-42bfe3 call 42b2d0 2239->2244 2245 42bfef-42bffd call 41c9b0 2239->2245 2244->2245 2245->2195 2260 42bfff-42c00f 2245->2260 2248->2214 2249->2214 2262 42c011-42c017 call 430400 2260->2262 2263 42c01c-42c027 call 42ad50 2260->2263 2262->2263 2268 42c02c-42c036 call 41cae0 2263->2268 2269 42bf01-42bf19 call 42ba90 2265->2269 2266->2269 2268->2195 2274 42bf2b-42bf2f 2269->2274 2275 42bf1b-42bf29 2269->2275 2274->2191 2275->2274 2276 42bf3d-42bf41 2275->2276 2276->2191
                                                                                                                                                Strings
                                                                                                                                                • connect to %s port %ld failed: %s, xrefs: 0042BED2
                                                                                                                                                • Failed to connect to %s port %ld: %s, xrefs: 0042C062
                                                                                                                                                • Connection time-out, xrefs: 0042BCDD
                                                                                                                                                • After %ldms connect time, move on!, xrefs: 0042BD61
                                                                                                                                                • Connection failed, xrefs: 0042BE61
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: After %ldms connect time, move on!$Connection failed$Connection time-out$Failed to connect to %s port %ld: %s$connect to %s port %ld failed: %s
                                                                                                                                                • API String ID: 0-885759404
                                                                                                                                                • Opcode ID: d053fc9e986a4460eab182c34ba54bb6b08002e78a4ac5841a5f1997093f64d4
                                                                                                                                                • Instruction ID: 8144d2596da5887b218cefce9ac6232cf538a33acc439dad2bbb2c7d1420e55b
                                                                                                                                                • Opcode Fuzzy Hash: d053fc9e986a4460eab182c34ba54bb6b08002e78a4ac5841a5f1997093f64d4
                                                                                                                                                • Instruction Fuzzy Hash: 25C1A07231469086DB24DB16F4407AFB361F784BA4F91521AEFAA87B94CF7CC845CB48
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 2277 419080-4190cf 2278 4190d1-4190d4 2277->2278 2279 419109-419114 2277->2279 2278->2279 2280 4190d6-4190d9 2278->2280 2281 419123 2279->2281 2282 419116-419121 call 426bf0 2279->2282 2280->2279 2284 4190db-4190de 2280->2284 2283 419128-419145 2281->2283 2282->2283 2286 419147-419163 2283->2286 2287 419166-41916a 2283->2287 2288 4190e0-4190e3 2284->2288 2289 419102-419104 2284->2289 2286->2287 2291 419170-419174 2287->2291 2292 4191f3-4191fe 2287->2292 2293 4190e5-4190f4 WSASetLastError 2288->2293 2294 4190f9-4190fc Sleep 2288->2294 2295 41941c-419453 2289->2295 2298 419176-41917e 2291->2298 2299 41918f-419191 2291->2299 2296 419200-419213 2292->2296 2297 419248-41926d 2292->2297 2293->2295 2294->2289 2300 419215-41921d 2296->2300 2301 41922f-419231 2296->2301 2305 419284-419287 2297->2305 2302 419180-419183 2298->2302 2303 4191b0-4191b4 2299->2303 2304 419193-419196 2299->2304 2306 419220-419223 2300->2306 2308 419241-419244 2301->2308 2309 419233-419236 2301->2309 2302->2299 2307 419185-41918d 2302->2307 2311 4191b6-4191bd 2303->2311 2312 4191cf-4191d1 2303->2312 2304->2303 2310 419198-4191a9 2304->2310 2313 4192b4-4192b7 2305->2313 2314 419289-4192b2 2305->2314 2306->2301 2317 419225-41922d 2306->2317 2307->2299 2307->2302 2318 419238-41923d 2309->2318 2310->2303 2319 4191c0-4191c3 2311->2319 2320 4191d3-4191d6 2312->2320 2321 4191e7-4191ef 2312->2321 2315 4192c1-4192fb select 2313->2315 2316 4192b9-4192bd 2313->2316 2314->2315 2323 419351-419354 2315->2323 2324 4192fd-419305 WSAGetLastError 2315->2324 2316->2315 2317->2301 2317->2306 2318->2308 2319->2312 2325 4191c5-4191cd 2319->2325 2320->2321 2322 4191d8-4191e3 2320->2322 2321->2292 2322->2321 2328 419360-419363 2323->2328 2329 419356-41935b 2323->2329 2326 419307-41930d 2324->2326 2327 419316-419319 2324->2327 2325->2312 2325->2319 2326->2323 2330 41930f-419314 2326->2330 2331 419270-41927c 2327->2331 2332 41931f-419336 call 426bf0 call 426c30 2327->2332 2334 419365-419367 2328->2334 2335 41936c-419378 2328->2335 2333 41940c-419414 2329->2333 2330->2323 2330->2327 2331->2305 2332->2334 2352 419338-41934c 2332->2352 2333->2295 2334->2333 2336 4193a8-4193ac 2335->2336 2337 41937a-4193a3 __WSAFDIsSet * 2 2335->2337 2340 4193d9-4193dd 2336->2340 2341 4193ae-4193c0 __WSAFDIsSet 2336->2341 2337->2336 2339 4193a5 2337->2339 2339->2336 2345 41940a 2340->2345 2346 4193df-4193f1 __WSAFDIsSet 2340->2346 2343 4193c2 2341->2343 2344 4193c5-4193d4 __WSAFDIsSet 2341->2344 2343->2344 2344->2340 2348 4193d6 2344->2348 2345->2333 2349 4193f3 2346->2349 2350 4193f6-419405 __WSAFDIsSet 2346->2350 2348->2340 2349->2350 2350->2345 2353 419407 2350->2353 2352->2305 2353->2345
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastSleep
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1458359878-0
                                                                                                                                                • Opcode ID: c53c2f39b3f560c02fa79df169bc42b30076c1fc3295d85c1e396f880ab26127
                                                                                                                                                • Instruction ID: c0305223b480fe492b696f3983356cd79f1b9bb5c11194b6047f2f59a1fa21ca
                                                                                                                                                • Opcode Fuzzy Hash: c53c2f39b3f560c02fa79df169bc42b30076c1fc3295d85c1e396f880ab26127
                                                                                                                                                • Instruction Fuzzy Hash: 4CA1D736704B8196DB248A19A8643DBB7A6F3C57A4F540717EA66837C8DB3DCC91CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 2354 472180-4721ec 2355 472257 2354->2355 2356 4721ee-472212 CompareStringW 2354->2356 2357 47225c-47225f 2355->2357 2358 472214-47222c 2356->2358 2359 47222e-472255 GetLastError 2356->2359 2360 472293 2357->2360 2361 472261-472264 2357->2361 2358->2357 2359->2357 2363 472298-4722a2 2360->2363 2362 472267-47226c 2361->2362 2364 47227e 2362->2364 2365 47226e-472273 2362->2365 2366 4722a4-4722ad 2363->2366 2367 4722cc-4722d0 2363->2367 2371 472283-472291 2364->2371 2365->2362 2370 472275-47227c 2365->2370 2372 4722b0-4722b5 2366->2372 2368 4722d6-4722d9 2367->2368 2369 4725cd-4725fd call 4714a0 2367->2369 2368->2369 2373 4722df-4722e3 2368->2373 2381 472606-472609 2369->2381 2382 4725ff-472601 2369->2382 2370->2371 2371->2363 2374 4722b7-4722bc 2372->2374 2375 4722c0-4722c5 2372->2375 2378 4725c6-4725c8 2373->2378 2379 4722e9-472310 2373->2379 2374->2372 2380 4722be 2374->2380 2375->2367 2385 4726a9-4726e2 call 4743f0 2378->2385 2383 472312-472315 2379->2383 2384 47231b-47231e 2379->2384 2380->2375 2386 47260b-47262e call 471500 2381->2386 2387 472668-472695 CompareStringA 2381->2387 2382->2385 2383->2384 2388 4723ff-472422 MultiByteToWideChar 2383->2388 2390 472327-47232b 2384->2390 2391 472320-472322 2384->2391 2386->2385 2406 472630-472654 call 471500 2386->2406 2397 4726a7 2387->2397 2398 472697-4726a2 call 45fec0 * 2 2387->2398 2388->2385 2392 472428-472475 call 474420 2388->2392 2395 472337-47233b 2390->2395 2396 47232d-472332 2390->2396 2391->2385 2413 472477-47248c call 465ec0 2392->2413 2414 472499-4724bd MultiByteToWideChar 2392->2414 2401 472347-472356 GetCPInfo 2395->2401 2402 47233d-472342 2395->2402 2396->2385 2397->2385 2398->2397 2401->2385 2407 47235c-472366 2401->2407 2402->2385 2422 472656-472660 call 45fec0 2406->2422 2423 472662-472665 2406->2423 2411 4723af-4723b5 2407->2411 2412 472368-47236c 2407->2412 2411->2388 2415 4723b7-4723bb 2411->2415 2417 47236e-472373 2412->2417 2418 472378-47237f 2412->2418 2413->2385 2438 472492 2413->2438 2424 4724c3-4724ec MultiByteToWideChar 2414->2424 2425 4725b0-4725b4 2414->2425 2420 4723c7-4723ce 2415->2420 2421 4723bd-4723c2 2415->2421 2417->2385 2426 4723a5-4723aa 2418->2426 2427 472381-472387 2418->2427 2430 4723f5-4723fa 2420->2430 2431 4723d0-4723d6 2420->2431 2421->2385 2422->2385 2423->2387 2424->2425 2435 4724f2-47253f call 474420 2424->2435 2433 4725b6-4725b9 call 45fec0 2425->2433 2434 4725be-4725c1 2425->2434 2426->2385 2427->2426 2428 472389-47238e 2427->2428 2436 472394-47239a 2428->2436 2437 472390-472392 2428->2437 2430->2385 2431->2430 2439 4723d8-4723de 2431->2439 2433->2434 2434->2385 2451 472541-472552 call 465ec0 2435->2451 2452 47255a-47257d MultiByteToWideChar 2435->2452 2436->2427 2444 47239c 2436->2444 2437->2436 2443 47239e-4723a0 2437->2443 2438->2414 2445 4723e4-4723ea 2439->2445 2446 4723e0-4723e2 2439->2446 2443->2385 2444->2426 2445->2431 2449 4723ec 2445->2449 2446->2445 2448 4723ee-4723f0 2446->2448 2448->2385 2449->2430 2451->2425 2458 472554 2451->2458 2454 4725a3-4725a6 2452->2454 2455 47257f-4725a0 CompareStringW 2452->2455 2454->2425 2457 4725a8-4725ab call 45fec0 2454->2457 2455->2454 2457->2425 2458->2452
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CompareErrorInfoLastString
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3723911898-0
                                                                                                                                                • Opcode ID: ac15f1c761fc46ce15ae46db0531c2a630b2064addb252c328d3406ef138df0c
                                                                                                                                                • Instruction ID: e9c30096ef19e7321cf9ec8262ee203e98a383fbab576983fe3b805a5da45205
                                                                                                                                                • Opcode Fuzzy Hash: ac15f1c761fc46ce15ae46db0531c2a630b2064addb252c328d3406ef138df0c
                                                                                                                                                • Instruction Fuzzy Hash: 08D115717057808AD7348F35AA407DA37A5F744798F54822BEE4E4BB49EBBCCA45C708
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 2460 410240-410288 2461 410294-4102a6 call 40a490 2460->2461 2462 41028a-41028e 2460->2462 2463 41039c-4103b4 2461->2463 2470 4102ac-4102c7 2461->2470 2462->2461 2462->2463 2465 4103ba-4103c4 call 460560 2463->2465 2466 41045f-410467 2463->2466 2471 4103c9-4103d4 2465->2471 2469 4103da-4103f3 call 410100 2466->2469 2481 4107e9-4107fb 2469->2481 2482 4103f9-41040c 2469->2482 2473 410394-410397 call 45fec0 2470->2473 2474 4102cd-410306 call 413cc0 call 460560 2470->2474 2471->2469 2475 41084d-410852 2471->2475 2473->2463 2489 41030b-41030e 2474->2489 2480 410808-41084c call 4743f0 2475->2480 2486 410805 2481->2486 2487 4107fd-410800 call 461df0 2481->2487 2485 410410-410420 2482->2485 2491 410422-41042c call 460da0 2485->2491 2492 41043d-410447 2485->2492 2486->2480 2487->2486 2493 410310-41031d call 461df0 2489->2493 2494 41031f-410336 GetModuleFileNameA 2489->2494 2506 410436 2491->2506 2507 41042e-410434 2491->2507 2496 410479-41048b 2492->2496 2497 410449-41045a 2492->2497 2493->2473 2494->2473 2501 410338-41034d call 45fee0 2494->2501 2498 41048d 2496->2498 2499 4104bf-4104c4 2496->2499 2497->2466 2503 410490-41049a call 460da0 2498->2503 2508 4104c6-4104d0 call 460da0 2499->2508 2509 4104ec-4104ef 2499->2509 2501->2473 2520 41034f-410373 2501->2520 2523 4104b4-4104b7 2503->2523 2524 41049c-41049f 2503->2524 2506->2492 2507->2491 2507->2506 2521 4104e2-4104ea 2508->2521 2522 4104d2-4104d5 2508->2522 2511 4104f5-410514 call 45fe10 2509->2511 2512 41059b-4105a1 2509->2512 2534 41051a-410526 2511->2534 2535 4107ce-4107db call 45fec0 2511->2535 2518 4105a3-4105ad call 460da0 2512->2518 2519 41061f-410624 2512->2519 2547 4105b7-4105ba 2518->2547 2548 4105af-4105b5 2518->2548 2528 410647-41064a 2519->2528 2520->2473 2527 410375-41038f call 413cc0 2520->2527 2521->2508 2521->2509 2522->2509 2529 4104d7-4104dc 2522->2529 2523->2499 2536 4104b9-4104bc 2523->2536 2532 4104a1-4104a6 2524->2532 2533 4104ac-4104b2 2524->2533 2527->2473 2530 41065c-41067c call 406510 2528->2530 2531 41064c-41064f 2528->2531 2529->2521 2539 4104de-4104e0 2529->2539 2558 410695-410698 2530->2558 2559 41067e-410681 2530->2559 2540 410651-410654 call 45fec0 2531->2540 2541 410659 2531->2541 2532->2523 2543 4104a8-4104aa 2532->2543 2533->2503 2533->2523 2544 410528-41052d 2534->2544 2545 41058e-410596 2534->2545 2562 4107e1 2535->2562 2536->2499 2539->2509 2539->2521 2540->2541 2541->2530 2543->2523 2543->2533 2544->2545 2552 41052f-410531 2544->2552 2545->2528 2554 410626-41062b 2547->2554 2555 4105bc-4105c8 2547->2555 2548->2518 2548->2547 2560 410581-410586 2552->2560 2561 410533-41053c 2552->2561 2554->2528 2556 4105e6-4105ea 2555->2556 2557 4105ca-4105cd 2555->2557 2564 410642 2556->2564 2565 4105ec-4105ee 2556->2565 2563 4105d0-4105da call 460da0 2557->2563 2569 410726-410728 2558->2569 2570 41069e-4106a8 2558->2570 2559->2558 2567 410683-410688 2559->2567 2566 410589-41058c 2560->2566 2561->2566 2568 41053e-410540 2561->2568 2562->2481 2563->2556 2595 4105dc-4105e4 2563->2595 2564->2528 2572 4105f0-4105f2 2565->2572 2573 41063b-410640 2565->2573 2566->2544 2566->2545 2567->2558 2576 41068a-410690 2567->2576 2577 410542-410544 2568->2577 2578 410575 2568->2578 2574 410793-410796 2569->2574 2575 41072a-41074d 2569->2575 2570->2574 2579 4106ae-4106b2 2570->2579 2585 410634-410639 2572->2585 2586 4105f4-4105f6 2572->2586 2573->2528 2581 4107a0-4107c6 call 45fec0 call 410100 2574->2581 2582 410798-41079b call 45fec0 2574->2582 2575->2574 2587 41074f-410753 2575->2587 2576->2575 2588 410546-410548 2577->2588 2589 410568-410573 2577->2589 2584 410577-41057f 2578->2584 2579->2574 2580 4106b8-4106cc call 45fe10 2579->2580 2604 41071e-410724 2580->2604 2605 4106ce-41071c call 403f90 2580->2605 2581->2485 2615 4107cc 2581->2615 2582->2581 2584->2566 2585->2528 2596 4105f8-41061d call 40acc0 2586->2596 2597 41062d-410632 2586->2597 2587->2574 2598 410755-410759 2587->2598 2590 41055b-410566 2588->2590 2591 41054a-41054c 2588->2591 2589->2566 2590->2566 2591->2584 2599 41054e-410559 2591->2599 2595->2556 2595->2563 2596->2528 2597->2528 2598->2574 2603 41075b-41075f 2598->2603 2599->2566 2603->2574 2608 410761-41078e call 40a290 call 40acc0 2603->2608 2604->2575 2605->2574 2608->2574 2615->2562
                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameA.KERNEL32 ref: 00410329
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileModuleName
                                                                                                                                                • String ID: %s%s$%s%s%s$%s:%d: warning: '%s' %s$%s:%d: warning: '%s' uses unquoted white space in the line that may cause side-effects!$<stdin>$_curlrc
                                                                                                                                                • API String ID: 514040917-7833359
                                                                                                                                                • Opcode ID: ceb33f71867c9ee3af007e0ad91048e079ff00e43134cc9906bca3e23264ba43
                                                                                                                                                • Instruction ID: 519962710f67e30d51fbcd066cb8d9d84cd5bf06f7638ecaeb6f1865a4eca919
                                                                                                                                                • Opcode Fuzzy Hash: ceb33f71867c9ee3af007e0ad91048e079ff00e43134cc9906bca3e23264ba43
                                                                                                                                                • Instruction Fuzzy Hash: 87E1EE712097C485DB208F22A4403EBA765F785B98F484127EFDA57796DEBCC8C2CB09
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
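The `_curlrc` and "uses unquoted white space" strings attached to this function are the messages curl's command-line tool emits while reading its per-user config file (`_curlrc` in the user's home directory on Windows). The point a reviewer should take from it for a bundled curl binary is that every option in that user-writable file is applied to every transfer the tool makes unless it is started with `-q`/`--disable` as its first argument, so a local attacker who can write the file can add `--insecure` or `--proxy` without touching the binary. The block below is an added example, not code from the report or from curl: a simplified model of the config syntax (one option per line, optional leading dashes, `=` or `:` separator, double-quoted values with backslash escapes) that reproduces the warning text found in the dump and flags trust-affecting options. The `RISKY_OPTIONS` list and the sample config are the example's own assumptions, not facts from the report.

```python
import re

# Options whose injection through a user-writable config file silently weakens
# or redirects every transfer. This list is the example's own assumption, not
# something the report states.
RISKY_OPTIONS = {"insecure", "k", "proxy", "x", "proxy-insecure",
                 "cacert", "capath", "header", "H"}


def _unquote(raw):
    """Parse a double-quoted value with backslash escapes.

    Returns (value, remainder_after_closing_quote).
    """
    out = []
    i = 1  # skip the opening quote
    while i < len(raw) and raw[i] != '"':
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            i += 1
            ch = {"t": "\t", "n": "\n", "r": "\r"}.get(raw[i], raw[i])
        out.append(ch)
        i += 1
    return "".join(out), raw[i + 1:]


def parse_curlrc(text, filename="_curlrc"):
    """Return (options, warnings) for a curl-style config file.

    options  : list of (name, value_or_None) in file order
    warnings : strings shaped like the message recovered from the dump
    """
    options, warnings = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        line = line.lstrip("-/")                  # names may carry leading dashes or a slash
        m = re.match(r"[^\s=:]+", line)
        if not m:
            continue
        option = m.group(0)
        rest = line[m.end():].lstrip()
        if rest[:1] in ("=", ":"):                # optional separator
            rest = rest[1:].lstrip()
        if not rest:                              # boolean option, no value
            options.append((option, None))
            continue
        if rest.startswith('"'):
            value, _ = _unquote(rest)
        else:
            # Unquoted value ends at the first whitespace; anything after it is
            # the mistake the warning in the dump is about.
            m2 = re.match(r"(\S+)\s*(.*)", rest)
            value, trailing = m2.group(1), m2.group(2)
            if trailing:
                warnings.append(
                    f"{filename}:{lineno}: warning: '{option}' uses unquoted "
                    "white space in the line that may cause side-effects!"
                )
        options.append((option, value))
    return options, warnings


def find_risky(options):
    """Names of parsed options that change trust or routing of every transfer."""
    return [name for name, _ in options if name in RISKY_OPTIONS]


# Constructed sample config for the demo; it is not taken from the analysed sample.
CURLRC_SAMPLE = """\
# constructed sample
user-agent = "Mozilla/5.0 (example)"
--insecure
proxy http://127.0.0.1:8080 extra-text
header "X-Trace: \\"quoted\\""
"""

if __name__ == "__main__":
    opts, warns = parse_curlrc(CURLRC_SAMPLE)
    for name, value in opts:
        print(f"{name!r:14} -> {value!r}")
    print(*warns, sep="\n")
    print("risky:", find_risky(opts))
```

Running the module prints the four parsed options, the line-4 warning for the unquoted `proxy` value, and `insecure`, `proxy` and `header` as the options worth checking before trusting transfers made by the dropped tool.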

                                                                                                                                                Control-flow Graph

Control-flow graph (rendered as an image in the original report, with executed blocks highlighted; that highlighting is not recoverable here). Recoverable from the graph data: function 00419460-0041985D; its basic blocks call WSASetLastError, Sleep, select, WSAGetLastError and __WSAFDIsSet, and the subroutines at 00426BF0, 00426C30 and 0042C48E.
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastSleep
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1458359878-0
                                                                                                                                                • Opcode ID: 050ff8e7c7a908849508c7e4af77ee5d89c403769a64d6ddf01c783b4bbbcf35
                                                                                                                                                • Instruction ID: 4c5994bae433f5bf0ff5a3b1bd26263af66db5948277fb2896908ebee9381b43
                                                                                                                                                • Opcode Fuzzy Hash: 050ff8e7c7a908849508c7e4af77ee5d89c403769a64d6ddf01c783b4bbbcf35
                                                                                                                                                • Instruction Fuzzy Hash: 3FA1077262969082CB354F19E5603AFB365FBC1B94F144216DE6653B94DB3DCC81CB0D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

Control-flow graph (rendered as an image in the original report, with executed blocks highlighted; that highlighting is not recoverable here). Recoverable from the graph data: function 00419A70-00419B85; it calls the subroutines at 00413CC0, 0042D310, 0042D2C0, 00460F80 and 004743F0, plus WSAGetLastError (two blocks), EnterCriticalSection, LeaveCriticalSection (two blocks) and DeleteCriticalSection.
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0042D310: getaddrinfo.WS2_32(?,?,?,?,?,?,?,?,?,?,00419ACB), ref: 0042D378
                                                                                                                                                  • Part of subcall function 0042D310: WSASetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00419ACB), ref: 0042D37F
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00419AD1
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00419ADB
                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 00419AF4
                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00419B08
                                                                                                                                                • DeleteCriticalSection.KERNEL32 ref: 00419B16
                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00419B60
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CriticalSection$ErrorLast$Leave$DeleteEntergetaddrinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 749948856-0
                                                                                                                                                • Opcode ID: 992a069709f6c31ec8a0e411eb499f29afff2afa8598a5b1b944226b89a6e6c6
                                                                                                                                                • Instruction ID: a357475f4eee50011446f32110fcad60a8495873841227e198ef08d7ffa9090d
                                                                                                                                                • Opcode Fuzzy Hash: 992a069709f6c31ec8a0e411eb499f29afff2afa8598a5b1b944226b89a6e6c6
                                                                                                                                                • Instruction Fuzzy Hash: 673105B6604A80C6EB54DF22E45039A73B0FB88F88F544016DB4E57B28DF7CD949CB58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 0042A4DD
                                                                                                                                                • Failed to set SO_KEEPALIVE on fd %d, xrefs: 0042A44C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorIoctlLastsetsockopt
                                                                                                                                                • String ID: Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d
                                                                                                                                                • API String ID: 1819429192-277924715
                                                                                                                                                • Opcode ID: 4f1df9dcdae01853105e7b9da6908811b0975e02ae02e8f8008338c75421903b
                                                                                                                                                • Instruction ID: 09d43f99b0a67230b89b78444f32fb36a0ceddd6cd4c1b3a09376715f4eb8848
                                                                                                                                                • Opcode Fuzzy Hash: 4f1df9dcdae01853105e7b9da6908811b0975e02ae02e8f8008338c75421903b
                                                                                                                                                • Instruction Fuzzy Hash: 46219C7270879186D7109F26E44474EB7A9F788B88F54012AEB8D87F58DBBCC545CF44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
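The two strings and the API set of this function (setsockopt, an ioctl and GetLastError) are the messages libcurl logs from its TCP keep-alive setup (the `--keepalive-time` option), so on its own this function is ordinary transfer plumbing rather than an indicator. The block below is an added example, not code from the report or from curl: it performs the same two-step sequence in Python, SO_KEEPALIVE first and then the platform-specific timing call (WSAIoctl with SIO_KEEPALIVE_VALS on Windows, the TCP_KEEP* options elsewhere), reports failures in the same wording as the dump, and reads the settings back so the result can be checked. The timing values are the example's own choices.

```python
import socket
import sys


def enable_tcp_keepalive(sock, idle_s=60, interval_s=10, count=5):
    """Turn on TCP keep-alive probes on a stream socket.

    Step 1: setsockopt(SOL_SOCKET, SO_KEEPALIVE, 1) on every platform.
    Step 2: timings. Windows takes them in one WSAIoctl(SIO_KEEPALIVE_VALS)
    call; Linux/BSD expose idle time, interval and probe count separately.
    Returns (ok, message); failure messages follow the wording in the dump.
    """
    fd = sock.fileno()
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    except OSError:
        return False, f"Failed to set SO_KEEPALIVE on fd {fd}"
    if sys.platform == "win32":
        # SIO_KEEPALIVE_VALS takes (onoff, keepalivetime ms, keepaliveinterval ms);
        # the probe count is fixed by the OS and cannot be set through it.
        try:
            sock.ioctl(socket.SIO_KEEPALIVE_VALS,
                       (1, idle_s * 1000, interval_s * 1000))
        except OSError as exc:
            return False, f"Failed to set SIO_KEEPALIVE_VALS on fd {fd}: {exc.winerror}"
    elif sock.family in (socket.AF_INET, socket.AF_INET6):
        # Not every platform exposes all three options, so set the ones that exist.
        for name, value in (("TCP_KEEPIDLE", idle_s),
                            ("TCP_KEEPINTVL", interval_s),
                            ("TCP_KEEPCNT", count)):
            opt = getattr(socket, name, None)
            if opt is not None:
                sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return True, "ok"


def effective_keepalive(sock):
    """Read back what the kernel now reports for the socket."""
    info = {"SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    if sys.platform != "win32" and sock.family in (socket.AF_INET, socket.AF_INET6):
        for name in ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT"):
            opt = getattr(socket, name, None)
            if opt is not None:
                info[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return info


def demo(idle_s=45, interval_s=5, count=3):
    """Apply keep-alive to an unconnected TCP socket (no network needed) and report."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        ok, msg = enable_tcp_keepalive(s, idle_s, interval_s, count)
        return ok, msg, effective_keepalive(s)


if __name__ == "__main__":
    print(demo())
```

Socket options can be set before the socket is connected, which is why the demo needs no listener; when triaging a sample, the equivalent check is whether the only network-related behaviour of the function is this option setting, as the API list here suggests, or whether it sits next to connect/send logic to unexpected hosts.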

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressExitHandleModuleProcProcess
                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                • API String ID: 75539706-1276376045
                                                                                                                                                • Opcode ID: 4b255960f05c953bc5ed8402e649ad69c3005899242e79782227b0a2de538e9e
                                                                                                                                                • Instruction ID: e9c98754f3c0393fddb5f9c48d96d6bb1a56da9b71575faf2500b015c9af0d8a
                                                                                                                                                • Opcode Fuzzy Hash: 4b255960f05c953bc5ed8402e649ad69c3005899242e79782227b0a2de538e9e
                                                                                                                                                • Instruction Fuzzy Hash: 36E01290306B0041FF089B70AC943642774AB48B40F48142D4A0F06362EFBCC84DC75C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CreateFileA.KERNELBASE ref: 0046F3BF
                                                                                                                                                • GetFileType.KERNEL32 ref: 0046F3D1
                                                                                                                                                • CloseHandle.KERNEL32 ref: 0046F3DE
                                                                                                                                                • GetLastError.KERNEL32 ref: 0046F3E4
                                                                                                                                                • CloseHandle.KERNEL32 ref: 0046F421
                                                                                                                                                  • Part of subcall function 00468BE0: CloseHandle.KERNEL32(?,?,?,?,00468D04,?,?,?,?,00461D7E,?,?,?,?,00461E28), ref: 00468C2E
                                                                                                                                                  • Part of subcall function 00468BE0: GetLastError.KERNEL32(?,?,?,?,00468D04,?,?,?,?,00461D7E,?,?,?,?,00461E28), ref: 00468C38
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandle$ErrorFileLast$CreateType
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3635033729-0
                                                                                                                                                • Opcode ID: aaf2278ca104e1ac4fb8a423a6eb76d9386b9bf81e191c365724515a7ac89e6a
                                                                                                                                                • Instruction ID: 2f87662bfc400a7dd3b73fa9f8dc6b2ea99abd0df92103080d31aa1bf0864739
                                                                                                                                                • Opcode Fuzzy Hash: aaf2278ca104e1ac4fb8a423a6eb76d9386b9bf81e191c365724515a7ac89e6a
                                                                                                                                                • Instruction Fuzzy Hash: 4591C53620468085EB345F2AF45436F6650B7417A8F64463BDEE687BE1EB3DC849CB0B
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetStartupInfoA.KERNEL32 ref: 00465BDB
                                                                                                                                                  • Part of subcall function 00465EC0: Sleep.KERNEL32(?,?,?,?,00465BEC), ref: 00465EF4
                                                                                                                                                • GetFileType.KERNEL32 ref: 00465D36
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileInfoSleepStartupType
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1527402494-0
                                                                                                                                                • Opcode ID: 825c9859a287091dd884a7d3286909610f1059c93f2f14074ef71e498e2c61c8
                                                                                                                                                • Instruction ID: d9be916e1f8515ee866afd462a9b5c2e97c61de36225c92ec7e0d48f1140b477
                                                                                                                                                • Opcode Fuzzy Hash: 825c9859a287091dd884a7d3286909610f1059c93f2f14074ef71e498e2c61c8
                                                                                                                                                • Instruction Fuzzy Hash: 0C719FB1205F8085DB108B25E94872A3764F705BA8F65831BDABE873D0EB3DC856C75B
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 00419D52
                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00419D66
                                                                                                                                                • CloseHandle.KERNEL32 ref: 00419D73
                                                                                                                                                • SetLastError.KERNEL32 ref: 00419DF2
                                                                                                                                                  • Part of subcall function 00419950: InitializeCriticalSection.KERNEL32 ref: 004199E7
                                                                                                                                                  • Part of subcall function 00419950: DeleteCriticalSection.KERNEL32 ref: 00419A0F
                                                                                                                                                • DeleteCriticalSection.KERNEL32 ref: 00419D90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CriticalSection$Delete$CloseEnterErrorHandleInitializeLastLeave
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1319367174-0
                                                                                                                                                • Opcode ID: 249db6e6b3e62efad946ccf3e2b40ab1ba51783647f9eaf550f759ae9fc7f8b2
                                                                                                                                                • Instruction ID: ed4c8023912201dae85d68fa271e89d9a749ee0a8b8da2aac8a6717419fb2ba0
                                                                                                                                                • Opcode Fuzzy Hash: 249db6e6b3e62efad946ccf3e2b40ab1ba51783647f9eaf550f759ae9fc7f8b2
                                                                                                                                                • Instruction Fuzzy Hash: 8C412876705B4082DB58DF22E66439A7360FB88B84F44401ACF5E57B20DF3CE9A4CB44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ThreadValue$CurrentErrorExitLast
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1808566232-0
                                                                                                                                                • Opcode ID: af84f515f6e8438571f0ca1cf23243d6b477a38ee484d45bbc546e1765657892
                                                                                                                                                • Instruction ID: b7424f848bf09846d41a2f02d09c6c76d9a6bae5430aa72015ac15550f1ecdff
                                                                                                                                                • Opcode Fuzzy Hash: af84f515f6e8438571f0ca1cf23243d6b477a38ee484d45bbc546e1765657892
                                                                                                                                                • Instruction Fuzzy Hash: BC110565306B4086EB44AF32E84475973A1FB49B85F98843ADF4E87365EF3CC8148709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                • init_resolve_thread() failed for %s; %s, xrefs: 0041A28B
                                                                                                                                                • getaddrinfo() failed for %s:%d; %s, xrefs: 0041A2CE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                • String ID: getaddrinfo() failed for %s:%d; %s$init_resolve_thread() failed for %s; %s
                                                                                                                                                • API String ID: 1452528299-1389973398
                                                                                                                                                • Opcode ID: 0f662b7cb390a78905ed7db988bdb9d742d7dfd17c2f69ec7314286f4c3829a6
                                                                                                                                                • Instruction ID: bcd696c0a31c23370d5ae4158fce6d0e85a716414749417bc960df6e1d3951e5
                                                                                                                                                • Opcode Fuzzy Hash: 0f662b7cb390a78905ed7db988bdb9d742d7dfd17c2f69ec7314286f4c3829a6
                                                                                                                                                • Instruction Fuzzy Hash: 8E416A72719B8481CB609F62B94079AB3A5F788BC4F90002AEF8D97B59EF3CC455C709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNELBASE(?,?,?,?,?,?,00466414,?,?,?,?,?,?,0046819B), ref: 00468AEF
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,00466414,?,?,?,?,?,?,0046819B), ref: 00468B04
                                                                                                                                                Strings
                                                                                                                                                • InitializeCriticalSectionAndSpinCount, xrefs: 00468AFA
                                                                                                                                                • kernel32.dll, xrefs: 00468AE8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                                • API String ID: 1646373207-3733552308
                                                                                                                                                • Opcode ID: 84b390c8ea35c3c1c0e56ecead250bdc29c3368b00754c50737d1c01184c8b1c
                                                                                                                                                • Instruction ID: acc36c6f73149781dbcb8dfa4e27ade675e762bef4c962ab1ca23e57e7197d18
                                                                                                                                                • Opcode Fuzzy Hash: 84b390c8ea35c3c1c0e56ecead250bdc29c3368b00754c50737d1c01184c8b1c
                                                                                                                                                • Instruction Fuzzy Hash: EF11D7B020AB4096EA50CB45A84031573A4F758B84F88066EDB4D43724FF7DD416C70A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • setsockopt.WS2_32 ref: 0042B088
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 0042B092
                                                                                                                                                  • Part of subcall function 004183D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0041A288), ref: 004183E8
                                                                                                                                                  • Part of subcall function 004183D0: GetLastError.KERNEL32 ref: 004184C7
                                                                                                                                                  • Part of subcall function 004183D0: SetLastError.KERNEL32 ref: 004184D3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$setsockopt
                                                                                                                                                • String ID: Could not set TCP_NODELAY: %s$TCP_NODELAY set
                                                                                                                                                • API String ID: 3136324617-1562148346
                                                                                                                                                • Opcode ID: 95b059cf6715011c8bea582579cc7e102a3d8dd7c78aa21e41dd6193cc9105c5
                                                                                                                                                • Instruction ID: 817723ab3a29a3cfcaef88a505eac62bffbe1c234af957b23b3846edf6aac980
                                                                                                                                                • Opcode Fuzzy Hash: 95b059cf6715011c8bea582579cc7e102a3d8dd7c78aa21e41dd6193cc9105c5
                                                                                                                                                • Instruction Fuzzy Hash: 0E011DB5704B8182DA009F52E90439AB761FB89BD8F984116DF4D47B29DFBDC159CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0042C180: GetVersionExA.KERNEL32 ref: 0042C1E0
                                                                                                                                                • GetProcAddressForCaller.KERNELBASE(?,?,?,?,0042FAA9,?,?,?,?,00414C98), ref: 00418E3E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressCallerProcVersion
                                                                                                                                                • String ID: InitSecurityInterfaceA$secur32.dll$security.dll
                                                                                                                                                • API String ID: 1946158156-3788156360
                                                                                                                                                • Opcode ID: 0ee484147ce1e7b22d3153a8d575cc2d2f17a267a4e9b7d5f8bbc34b48fedc17
                                                                                                                                                • Instruction ID: a05debb423e43c7f7ec9efe0b6975cc1d8b894699688950707e31c1d43952b61
                                                                                                                                                • Opcode Fuzzy Hash: 0ee484147ce1e7b22d3153a8d575cc2d2f17a267a4e9b7d5f8bbc34b48fedc17
                                                                                                                                                • Instruction Fuzzy Hash: B3F030B0B42F0085FE54DB62AC8176523D0AF55B44F84456E8A0DC2360FF3CC596CB18
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                • select/poll on SSL socket, errno: %d, xrefs: 0042F055
                                                                                                                                                • schannel: timed out sending data (bytes sent: %zd), xrefs: 0042F023, 0042F07C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
                                                                                                                                                • API String ID: 0-3891197721
                                                                                                                                                • Opcode ID: 65ef274df420369aa348346ef2dbc14f6bc544e4b14d6592181711537be1cd08
                                                                                                                                                • Instruction ID: c15ac3e807ff7ba3fe78952a950a09a5ec31d5738e1313ec80d259279e0f3951
                                                                                                                                                • Opcode Fuzzy Hash: 65ef274df420369aa348346ef2dbc14f6bc544e4b14d6592181711537be1cd08
                                                                                                                                                • Instruction Fuzzy Hash: 6E818B76309B81C6DB208F26F44479AB3A5F784BA4F944226EFAD47B99DB3CC405CB04
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                • SSL/TLS connection timeout, xrefs: 0042FD84
                                                                                                                                                • select/poll on SSL/TLS socket, errno: %d, xrefs: 0042FD5F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                                                                                                                                • API String ID: 0-3791222319
                                                                                                                                                • Opcode ID: 03b946d3877a0e5fffc815ac0613dfe5e9e33cf296285e224a2ac0d1bc8e59f6
                                                                                                                                                • Instruction ID: 3cd4677bf7acc09ad05a532b3914bfd65381056c599635b7733016e7befd2712
                                                                                                                                                • Opcode Fuzzy Hash: 03b946d3877a0e5fffc815ac0613dfe5e9e33cf296285e224a2ac0d1bc8e59f6
                                                                                                                                                • Instruction Fuzzy Hash: AF51E0313147A582CB209B22B94876F73B1FB85BA4FD4463BDE2687794DB38D815C708
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00427A30: recv.WS2_32 ref: 00427B2F
                                                                                                                                                • send.WS2_32 ref: 00427C7E
                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00427C92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastrecvsend
                                                                                                                                                • String ID: Send failure: %s
                                                                                                                                                • API String ID: 3418755260-857917747
                                                                                                                                                • Opcode ID: ec9cd42d27ad389e44ba5a15310e33f6444d7b1dc448c6bd25da865635be88b1
                                                                                                                                                • Instruction ID: f21f2413fa0fa4b1d8adaac81a6fbc90565feb8db304573241e49312aa65055d
                                                                                                                                                • Opcode Fuzzy Hash: ec9cd42d27ad389e44ba5a15310e33f6444d7b1dc448c6bd25da865635be88b1
                                                                                                                                                • Instruction Fuzzy Hash: 3E216D32719B90C6C7509F26F54035AA7A1F388BE8F681122EF5A47BA8CE7CC1028704
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • getaddrinfo.WS2_32(?,?,?,?,?,?,?,?,?,?,00419ACB), ref: 0042D378
                                                                                                                                                • WSASetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00419ACB), ref: 0042D37F
                                                                                                                                                  • Part of subcall function 0042D0A0: GetSystemDirectoryA.KERNEL32 ref: 0042D125
                                                                                                                                                  • Part of subcall function 0042D0A0: LoadLibraryA.KERNEL32 ref: 0042D183
                                                                                                                                                  • Part of subcall function 0042D0A0: GetProcAddress.KERNEL32 ref: 0042D197
                                                                                                                                                  • Part of subcall function 0042D0A0: FreeLibrary.KERNEL32 ref: 0042D1A5
                                                                                                                                                  • Part of subcall function 0042D0A0: LoadLibraryA.KERNEL32 ref: 0042D1E3
                                                                                                                                                  • Part of subcall function 0042D0A0: GetProcAddress.KERNEL32 ref: 0042D1F7
                                                                                                                                                  • Part of subcall function 0042D0A0: FreeLibrary.KERNEL32 ref: 0042D205
                                                                                                                                                • WSASetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00419ACB), ref: 0042D51C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Library$AddressErrorFreeLastLoadProc$DirectorySystemgetaddrinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3402602543-0
                                                                                                                                                • Opcode ID: 853c2a3efc17940b0bfeebe172d7a3d8e9f53925350bd3d396881b6c49dd3272
                                                                                                                                                • Instruction ID: 8a3008c65d6e079b7d32a1385d76a0522032599d72a6252252f268f4712e8074
                                                                                                                                                • Opcode Fuzzy Hash: 853c2a3efc17940b0bfeebe172d7a3d8e9f53925350bd3d396881b6c49dd3272
                                                                                                                                                • Instruction Fuzzy Hash: 3B512776706B5082EA24EF12E95072A77A4FB88F94F99852ACF8E43B14DF3CD544C748
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0045FE10: RtlAllocateHeap.NTDLL(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE44
                                                                                                                                                  • Part of subcall function 0045FE10: HeapAlloc.KERNEL32(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE73
                                                                                                                                                • SearchPathA.KERNELBASE ref: 00404BA8
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$AllocAllocatePathSearch
                                                                                                                                                • String ID: @`L
                                                                                                                                                • API String ID: 287850878-2504798926
                                                                                                                                                • Opcode ID: d42543db88a6d4b28c402d638ec13edd1b57f0b6ee6083c792c3c2b23b37416e
                                                                                                                                                • Instruction ID: 694e90c71cf50fbf82d98ab8f71a4e73520131db1e24bd016d701de0e4e8148e
                                                                                                                                                • Opcode Fuzzy Hash: d42543db88a6d4b28c402d638ec13edd1b57f0b6ee6083c792c3c2b23b37416e
                                                                                                                                                • Instruction Fuzzy Hash: A0118872208B8086DB159F52B84176AB7A5F788BD4F48003AEF8A47B5ADF7CD414CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CleanupStartup
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 915672949-0
                                                                                                                                                • Opcode ID: 569fb22dbc3efc613bba492129f39427a23791ed09fc875d2a20a0eb82be00ce
                                                                                                                                                • Instruction ID: 243b37dbb45c279dd0a109e6d742a8e8bc43899166ac20e7b1a94d8319a50ca9
                                                                                                                                                • Opcode Fuzzy Hash: 569fb22dbc3efc613bba492129f39427a23791ed09fc875d2a20a0eb82be00ce
                                                                                                                                                • Instruction Fuzzy Hash: F0214AF460AB0186FB619B16F8517E633A4BB98355F40002ADA8D86362FF6CC5859B5C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CreateThread.KERNELBASE ref: 00465863
                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,0042DB1E), ref: 0046586E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateErrorLastThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1689873465-0
                                                                                                                                                • Opcode ID: 76a6197b7e5d07f61c422ac589519fc0d4e790b0f2a4b1467616ce4f2d79e0d1
                                                                                                                                                • Instruction ID: 815ce4eb3b7fa8e29ec4c9710690b4c884bfdebc453d43e596e4d0e4fc954588
                                                                                                                                                • Opcode Fuzzy Hash: 76a6197b7e5d07f61c422ac589519fc0d4e790b0f2a4b1467616ce4f2d79e0d1
                                                                                                                                                • Instruction Fuzzy Hash: 13213E31608B8086DB14AFA2B94035AB3A4F789BE4F94012AEF9947B59EF7CD4648705
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • WSAStartup.WS2_32 ref: 00414CA5
                                                                                                                                                • WSACleanup.WS2_32 ref: 00414D15
                                                                                                                                                  • Part of subcall function 00418DF0: GetProcAddressForCaller.KERNELBASE(?,?,?,?,0042FAA9,?,?,?,?,00414C98), ref: 00418E3E
                                                                                                                                                  • Part of subcall function 00419860: socket.WS2_32 ref: 0041987C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                 • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressCallerCleanupProcStartupsocket
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2320918483-0
                                                                                                                                                • Opcode ID: 56d43d9eabee90baa1072eb0b6891ec7ba3411d6fcbe62c43cfb53cec955c4bd
                                                                                                                                                • Instruction ID: 1c562367de90b30d7d8760fd4e28c3d394458ebc2a1aca3e390f035754b9b3a3
                                                                                                                                                • Opcode Fuzzy Hash: 56d43d9eabee90baa1072eb0b6891ec7ba3411d6fcbe62c43cfb53cec955c4bd
                                                                                                                                                • Instruction Fuzzy Hash: A72149B4615F4181FB60EB12F8413EA33A5BB99748F800026DE4D82365EF3CC589C758
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE44
                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE73
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$AllocAllocate
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2177240990-0
                                                                                                                                                • Opcode ID: 815e9e86c80adf38db329bf639e17cace45d26f255a0c268ea31fe11f97082e6
                                                                                                                                                • Instruction ID: 897e450367451e13d035f563384c7ce554c27077621b2022d37ef2aa71074230
                                                                                                                                                • Opcode Fuzzy Hash: 815e9e86c80adf38db329bf639e17cace45d26f255a0c268ea31fe11f97082e6
                                                                                                                                                • Instruction Fuzzy Hash: 0C018461706B4081EB048B17A84031AA3A1F7CDBE5F5C0136EF5D53BAADF3CC4898B09
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastrecv
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2514157807-0
                                                                                                                                                • Opcode ID: 5844b63ef9383d101242dc78e94b1967ac89de1bbbf496a1948a0ec8864e250f
                                                                                                                                                • Instruction ID: d0d5cb576897fd53cfd92b3f9b12423d5ea56a2d85551a04aa309eee15ae3280
                                                                                                                                                • Opcode Fuzzy Hash: 5844b63ef9383d101242dc78e94b1967ac89de1bbbf496a1948a0ec8864e250f
                                                                                                                                                • Instruction Fuzzy Hash: 0EE0C2B1B1090843FF2853B5B8A57791145CB98732F985734DA3A8A7D0DA5C49D64714
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$CreateInformation
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1774340351-0
                                                                                                                                                • Opcode ID: b25388e1f4a998067b74f2ef56253761c708096d6735c2516d3a7e06a5bc683d
                                                                                                                                                • Instruction ID: 28939662bcff9b5fb9c4de93bc1ff0593e5f1839ccf810af5d9fe283cd4cfc6b
                                                                                                                                                • Opcode Fuzzy Hash: b25388e1f4a998067b74f2ef56253761c708096d6735c2516d3a7e06a5bc683d
                                                                                                                                                • Instruction Fuzzy Hash: 50E086F6B26B9083FB985B21E849B566260F7D8784FD0502DEF4D42B64EFBCC1958B04
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • WSASetLastError.WS2_32(?,?,?,?,00414E1F), ref: 0041905F
                                                                                                                                                • SleepEx.KERNEL32(?,?,?,?,00414E1F), ref: 0041906F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastSleep
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1458359878-0
                                                                                                                                                • Opcode ID: ee635acd2ee8772ae622c96682e4ef0fdb01aa38d11b80b47d0bdab7989139f2
                                                                                                                                                • Instruction ID: 8d886e78c474cbaa4ed1ccd3f6ee4ace85b0f7aedea2cf8ab73121b6454e2785
                                                                                                                                                • Opcode Fuzzy Hash: ee635acd2ee8772ae622c96682e4ef0fdb01aa38d11b80b47d0bdab7989139f2
                                                                                                                                                • Instruction Fuzzy Hash: DFD012B4F0780292EA0C23219C6536510516B5C732FC00219C62A887D4DB5C49DA4704
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • __initmbctable.LIBCMT ref: 0046E30D
                                                                                                                                                  • Part of subcall function 0045FEC0: RtlReleasePrivilege.NTDLL(?,?,?,?,004664B0,?,?,?,?,00468303), ref: 0045FED5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PrivilegeRelease__initmbctable
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1797876752-0
                                                                                                                                                • Opcode ID: 7b04478e7e5ed8e61a786337712f43b90e95c479310eadbf75b0747534f56ae6
                                                                                                                                                • Instruction ID: 981ffad1635e5b8d4d04442d5b42b81358fc561622f1a909735068632a79e7e9
                                                                                                                                                • Opcode Fuzzy Hash: 7b04478e7e5ed8e61a786337712f43b90e95c479310eadbf75b0747534f56ae6
                                                                                                                                                • Instruction Fuzzy Hash: BA310ABA60678081EB50CB23A48035A77E1E745BE4F5C0217EFA8437D5EB3EC8858B05
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CommandLine
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3253501508-0
                                                                                                                                                • Opcode ID: a3e3c5691cb120215f20256173ec19fd40b32ff30f47c040bd5b0bc0083c8e96
                                                                                                                                                • Instruction ID: da645937a6986334da5563c23c4f61f7fe97a620def60bf914e7ad941156942a
                                                                                                                                                • Opcode Fuzzy Hash: a3e3c5691cb120215f20256173ec19fd40b32ff30f47c040bd5b0bc0083c8e96
                                                                                                                                                • Instruction Fuzzy Hash: BC213EB960538186EB547FB3A45132A2291ABC1759F04043FEB4587792FFAC88449A5F
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00466690: HeapCreate.KERNELBASE ref: 004666A2
                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 004648F9
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CommandCreateHeapLine
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2517019150-0
                                                                                                                                                • Opcode ID: 19c3762b1f42ced47d8e1e960929f4efff554d326429ca6f248f5dd631559a41
                                                                                                                                                • Instruction ID: b40551d47dcd8cf346da9cd72c975aaddc8a388044c81303a7e223d8c4b01080
                                                                                                                                                • Opcode Fuzzy Hash: 19c3762b1f42ced47d8e1e960929f4efff554d326429ca6f248f5dd631559a41
                                                                                                                                                • Instruction Fuzzy Hash: 4D2162B560564187FB547BB7E81272A2292AB82349F04146FDB4587352FFACC8448B5F
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
  • Part of subcall function 00466690: HeapCreate.KERNELBASE ref: 004666A2
• GetCommandLineA.KERNEL32 ref: 004648F9
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CommandCreateHeapLine
• String ID:
• API String ID: 2517019150-0
• Opcode ID: dc751f9baddfa96ee2f320d1a5969c8ae3fa1a853b487dd19d449d11d0f6485e
• Instruction ID: 1091e851c4943c156bca14033899ee374352654a1def464c9d530f4e33b018e8
• Opcode Fuzzy Hash: dc751f9baddfa96ee2f320d1a5969c8ae3fa1a853b487dd19d449d11d0f6485e
• Instruction Fuzzy Hash: 0D214CA970578182EB547BB3A41272A2292AB82349F04143FEB4587392FFACC804875F
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e0c250c48d94c51c5c1f64b5a3bf410bf999203af4124fbea61a81a039675f78
                                                                                                                                                • Instruction ID: dd7fd103089b98870ca5472483ff0e7121b756b7d89318256fbb9d368e556a44
                                                                                                                                                • Opcode Fuzzy Hash: e0c250c48d94c51c5c1f64b5a3bf410bf999203af4124fbea61a81a039675f78
                                                                                                                                                • Instruction Fuzzy Hash: F701D221705B8080EE488B17A940356A361E7CDBE8F6C0127FF4E437A9EE3CC0958B05
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                • Opcode ID: dd4ea415179fe7c0bfd5de5b11430550d7e9171a825dc883fb2edc75cfdd247c
                                                                                                                                                • Instruction ID: dbd3fcfd12b30177bf2c99b6cde85d8023873d72a380c71a96141f2d91591bee
                                                                                                                                                • Opcode Fuzzy Hash: dd4ea415179fe7c0bfd5de5b11430550d7e9171a825dc883fb2edc75cfdd247c
                                                                                                                                                • Instruction Fuzzy Hash: 30F0A760302F0555FE195B76BB507A292449B99BB5F0C5B368E3A8A3E4FBFCC4C5810E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: socket
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 98920635-0
                                                                                                                                                • Opcode ID: 4189c32fd309d28d757fa6d01cfb753f28d4c1c4f5eea285b44bbd786961fe41
                                                                                                                                                • Instruction ID: b07700f128c14906a00c1203ddd504ffe1bcf4b57bcc66bc6e292bebafcae85b
                                                                                                                                                • Opcode Fuzzy Hash: 4189c32fd309d28d757fa6d01cfb753f28d4c1c4f5eea285b44bbd786961fe41
                                                                                                                                                • Instruction Fuzzy Hash: 8EF082B170220187F704DFBAA8D4B963255E754334F85872DEA3A9B2E0C76898988B1C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: closesocket
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2781271927-0
                                                                                                                                                • Opcode ID: e0b6c51315c5bf3edf7cc572f045187a8044557b6936f2999e1c9c271e330ee7
                                                                                                                                                • Instruction ID: 134469779855fb340b590921a78d51fbe18d85ba284d67f0d394b1ac53b40b14
                                                                                                                                                • Opcode Fuzzy Hash: e0b6c51315c5bf3edf7cc572f045187a8044557b6936f2999e1c9c271e330ee7
                                                                                                                                                • Instruction Fuzzy Hash: D8F03C7130AA40C5CB14DB1AE5843AAA374EB49BD8FA80026DF4947728CF3DC4828B44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32 ref: 00415413
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 237503144-0
                                                                                                                                                • Opcode ID: ee1bb8074a8fb1c987e3c698e220a338710cf4d26901fe07cd6eb29be314ad87
                                                                                                                                                • Instruction ID: e1547e541216e5d4a55e5c8e06f5f40ab761fcb27bcb6e4567a07287ebc2a1d9
                                                                                                                                                • Opcode Fuzzy Hash: ee1bb8074a8fb1c987e3c698e220a338710cf4d26901fe07cd6eb29be314ad87
                                                                                                                                                • Instruction Fuzzy Hash: A6F05E75A24AC082EF31E715F4543EA63A0F7C9748F8401159A8D0A765DF3CC648CB04
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Cleanup
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 99945797-0
                                                                                                                                                • Opcode ID: ed39c373ef81d787906e31c3fc3a40bdcb5237fc0ba92cf4ea7c6724e1660ee3
                                                                                                                                                • Instruction ID: 52f31e6ac1fa21e808d37e042b8a6ad6db3426ceb5732992a75d77d1e6e3b4a7
                                                                                                                                                • Opcode Fuzzy Hash: ed39c373ef81d787906e31c3fc3a40bdcb5237fc0ba92cf4ea7c6724e1660ee3
                                                                                                                                                • Instruction Fuzzy Hash: 87E092B460FA4143F395672AA84674539505B5232CF45014A9620463A2E7AC44C08BAD
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExitThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2158977761-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ioctlsocket
• String ID:
• API String ID: 3577187118-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• FreeLibrary.KERNELBASE(?,?,?,?,00414C05), ref: 00418E80
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlReleasePrivilege.NTDLL(?,?,?,?,004664B0,?,?,?,?,00468303), ref: 0045FED5
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: PrivilegeRelease
• String ID:
• API String ID: 113639715-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00462D10: RtlAllocateHeap.NTDLL ref: 00462D55
• Sleep.KERNEL32(?,?,?,?,00468298), ref: 00465F75
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: AllocateHeapSleep
• String ID:
• API String ID: 4201116106-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0045FE10: RtlAllocateHeap.NTDLL(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE44
  • Part of subcall function 0045FE10: HeapAlloc.KERNEL32(?,?,?,?,00465EEA,?,?,?,?,00465BEC), ref: 0045FE73
• Sleep.KERNEL32(?,?,?,?,00465BEC), ref: 00465EF4
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Heap$AllocAllocateSleep
• String ID:
• API String ID: 1327310711-0
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: ;binary$DN: $LDAP local: %s$LDAP local: %s$LDAP local: Cannot connect to %s:%ld$LDAP local: LDAP Vendor = %s ; LDAP Version = %d$LDAP local: ldap_simple_bind_s %s$LDAP local: trying to establish %s connection$LDAP remote: %s$Microsoft Corporation.$There are more than %d entries$cleartext$encrypted
• API String ID: 0-1575950145
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %s%s%s:%hu$%s:%hu$%zd bytes of chunk left$1.0$1.1$CONNECT$CONNECT %s HTTP/%s%s%s%s%s$CONNECT responded chunked$Connect me again please$Connection:$Content-Length:$Establish HTTP proxy tunnel to %s:%hu$Failed sending CONNECT to proxy$HTTP/1.%d %d$Host:$Host: %s$Ignore %I64d bytes of response-body$Proxy CONNECT aborted$Proxy CONNECT aborted due to select/poll error$Proxy CONNECT aborted due to timeout$Proxy CONNECT connection closed$Proxy CONNECT followed by %zd bytes of opaque data. Data ignored (known bug #39)$Proxy replied OK to CONNECT request$Proxy-Connection:$Proxy-Connection: Keep-Alive$Proxy-authenticate:$Read %zd bytes of chunk, continue$Received HTTP code %d from proxy after CONNECT$TUNNEL_STATE switched to: %d$Transfer-Encoding:$User-Agent:$WWW-Authenticate:$chunk reading DONE$chunked$close
• API String ID: 0-416532
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
• getsockname() failed with errno %d: %s, xrefs: 0042AA7C
• Bind to local port %hu failed, trying next, xrefs: 0042A9DC
• Couldn't bind to '%s', xrefs: 0042A95C
• bind failed with errno %d: %s, xrefs: 0042AABF
• Name '%s' family %i resolved to '%s' family %i, xrefs: 0042A87B
• Local port: %hu, xrefs: 0042AA85
• Local Interface %s is ip %s using address family %i, xrefs: 0042A7AC
• Couldn't bind to interface '%s', xrefs: 0042A7D6
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: htons$bind$ErrorLastgetsockname
                                                                                                                                                • String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
                                                                                                                                                • API String ID: 3628919538-2769131373
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: ./\
• API String ID: 0-3176372042
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: $%s$--%sContent-Disposition: attachment$--%s--$--%s--$Content-Type: %s$Content-Type: multipart/mixed; boundary=%s$%s; boundary=%s$--%s$------------------------%08x%08x$; filename="%s"$Content-Disposition: form-data; name="$Content-Type: multipart/form-data$couldn't open file "%s"
• API String ID: 0-3553099412
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,00467D55,?,?,?,?,00460588), ref: 004673B5
• WideCharToMultiByte.KERNEL32 ref: 00467463
• WideCharToMultiByte.KERNEL32 ref: 004674BE
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ByteCharMultiWide$InformationTimeZone
• String ID: mL$?$lL
• API String ID: 1904278450-3670013262
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %$%ld$(nil)$(nil)$-$.%ld$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
• API String ID: 0-2861588038
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: InfoLocale$ByteCharErrorLastMultiWide
• String ID:
• API String ID: 97497842-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLocaleInfoW.KERNEL32 ref: 0047340A
• GetLastError.KERNEL32 ref: 00473423
• GetLocaleInfoW.KERNEL32 ref: 00473455
• GetLocaleInfoA.KERNEL32 ref: 00473498
• GetLocaleInfoA.KERNEL32 ref: 00473517
• MultiByteToWideChar.KERNEL32 ref: 00473542
  • Part of subcall function 00465EC0: Sleep.KERNEL32(?,?,?,?,00465BEC), ref: 00465EF4
• MultiByteToWideChar.KERNEL32 ref: 00473568
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: InfoLocale$ByteCharMultiWide$ErrorLastSleep
• String ID:
• API String ID: 406007779-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: InfoLocale
• String ID: 040a$1252$850$ESP$ESP
• API String ID: 2299586839-1770330732
                                                                                                                                                • Opcode ID: f5de885a840cf94c5a246cb766c777c0208ad5d1d3c9385b5fb7f50ebe37a379
                                                                                                                                                • Instruction ID: 4e6e06e1fbf34f8d12c7f5523447f929b74cae9f06ce62115c9941a61f5ca9cb
                                                                                                                                                • Opcode Fuzzy Hash: f5de885a840cf94c5a246cb766c777c0208ad5d1d3c9385b5fb7f50ebe37a379
                                                                                                                                                • Instruction Fuzzy Hash: 2C3106F270664096DF388B14A4C53B9B352E7407C2F55852BD78B0B718FB2DC908C74A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • RtlCaptureContext.KERNEL32 ref: 00418CF0
                                                                                                                                                • RtlLookupFunctionEntry.KERNEL32 ref: 00418D08
                                                                                                                                                • RtlVirtualUnwind.KERNEL32 ref: 00418D42
                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00418DA9
                                                                                                                                                • UnhandledExceptionFilter.KERNEL32 ref: 00418DB6
                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00418DBC
                                                                                                                                                • TerminateProcess.KERNEL32 ref: 00418DCA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3266983031-0
                                                                                                                                                • Opcode ID: acde2d345e0f718c11ac7e12cabaf5b18d9b00d9140d02817220e4e837b09da6
                                                                                                                                                • Instruction ID: d7cc3f0c487cd12426d2c31f8cfab6936e8e1243b5020f23a1c755ede6b40393
                                                                                                                                                • Opcode Fuzzy Hash: acde2d345e0f718c11ac7e12cabaf5b18d9b00d9140d02817220e4e837b09da6
                                                                                                                                                • Instruction Fuzzy Hash: 933122B520AF40C2FA409B16F84474973A4F789B84F94411ADB8E57B25DF7CC55ACB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Crypt$Context$Release$AcquireDestroyEncryptImport
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3016261861-0
                                                                                                                                                • Opcode ID: 3ba492c37778ac28713ff9c57f4d0219f9bee1cb93fa59a423da9b7815465661
                                                                                                                                                • Instruction ID: 16c9f988158b86884b01019c7bd57e5720104d88e2570e8a2b6cbe15457a7bab
                                                                                                                                                • Opcode Fuzzy Hash: 3ba492c37778ac28713ff9c57f4d0219f9bee1cb93fa59a423da9b7815465661
                                                                                                                                                • Instruction Fuzzy Hash: 59418C72208AD08AE7108B66F45039EBBA1F79A784F444016EBDD47B5ACB7DD109DB10
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Crypt$Hash$Context$AcquireCreateDataDestroyParamRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3186506766-0
                                                                                                                                                • Opcode ID: a41be1ab9e583a3211cbe86c037b72e8f50702a371174f568234a51b9bef8954
                                                                                                                                                • Instruction ID: 61b645c84aad8114bff7e27323231f715ba79615f11f6b04ac539b6d5c2a56f7
                                                                                                                                                • Opcode Fuzzy Hash: a41be1ab9e583a3211cbe86c037b72e8f50702a371174f568234a51b9bef8954
                                                                                                                                                • Instruction Fuzzy Hash: CA319076319A8086EB50CF21E90475AB7B0FB89B94F844215EB8E87B59CF7CC4098B04
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,?,?,?,?,?,?,0046E0B6), ref: 0046DF23
                                                                                                                                                • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,0046E0B6), ref: 0046E033
                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,?,?,?,?,0046E0B6), ref: 0046E06E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$HandleModuleNameWrite
                                                                                                                                                • String ID: ...$Microsoft Visual C++ Runtime Library
                                                                                                                                                • API String ID: 3784150691-1400160072
                                                                                                                                                • Opcode ID: 226ef7b518c2117cbe9dc6a769243f1fe6b36ee4981da16d3e794de98cf74bca
                                                                                                                                                • Instruction ID: 06c1d40aa478eecae307031368e9fdbcecd44f8f1d9a219dc1497ef89d426aa1
                                                                                                                                                • Opcode Fuzzy Hash: 226ef7b518c2117cbe9dc6a769243f1fe6b36ee4981da16d3e794de98cf74bca
                                                                                                                                                • Instruction Fuzzy Hash: AA518276704B808ADB54CF26E8403AAB3A1F74A7A0F484316EBBA43B95DF7CD515C709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0041A288), ref: 004183E8
                                                                                                                                                • FormatMessageA.KERNEL32 ref: 00418454
                                                                                                                                                • GetLastError.KERNEL32 ref: 004184C7
                                                                                                                                                • SetLastError.KERNEL32 ref: 004184D3
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$FormatMessage
                                                                                                                                                • String ID: Unknown error %d (%#x)
                                                                                                                                                • API String ID: 71157656-2414550090
                                                                                                                                                • Opcode ID: 3a5d755d4fab77669bc3ac3b8a879641e3c11082faf149fd313662fd0d5134a5
                                                                                                                                                • Instruction ID: 96f339f9139ca9121b223d169d0f06e7f8c7f82a30a9e1875808c06aad9fd0f2
                                                                                                                                                • Opcode Fuzzy Hash: 3a5d755d4fab77669bc3ac3b8a879641e3c11082faf149fd313662fd0d5134a5
                                                                                                                                                • Instruction Fuzzy Hash: DF21A33130878282EB159F27B41076A6B92EBC5BC8F48413EDA4E4BB55EF7DC4818709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CryptAcquireContextA.ADVAPI32 ref: 0042FB25
                                                                                                                                                • CryptGenRandom.ADVAPI32 ref: 0042FB39
                                                                                                                                                • CryptReleaseContext.ADVAPI32 ref: 0042FB4A
                                                                                                                                                • CryptReleaseContext.ADVAPI32 ref: 0042FB6B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Crypt$Context$Release$AcquireRandom
                                                                                                                                                • String ID: @
                                                                                                                                                • API String ID: 2916321625-2766056989
                                                                                                                                                • Opcode ID: 477fb04b8c0f41af54bbd451bf6e143659ea3268cd8cef9d97d5c4263828ef31
                                                                                                                                                • Instruction ID: dc5aec170ef780f159e38d2dbf2e8eefd2ca63437efb5fbd2bb979295c983fdd
                                                                                                                                                • Opcode Fuzzy Hash: 477fb04b8c0f41af54bbd451bf6e143659ea3268cd8cef9d97d5c4263828ef31
                                                                                                                                                • Instruction Fuzzy Hash: E601FF75718B8082EB00CB22E85475BA761FBC9BD4F845025EB8D5BB59CF7CD045CB44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: Authentication problem. Ignoring this.$Basic$Digest$Ignoring duplicate digest auth header.$NTLM$Negotiate
• API String ID: 0-3881471014
• Opcode ID: e5d392c302c8843e98bc1a5401d0db5c722175d30d4e1d670bdbc3d1ce031887
• Instruction ID: da2da668f4d46c538039c4994f12e57c6e861c90881df88e9631f5e3f7463178
• Opcode Fuzzy Hash: e5d392c302c8843e98bc1a5401d0db5c722175d30d4e1d670bdbc3d1ce031887
• Instruction Fuzzy Hash: 6361F37130878196FB289F22D60436B7BA0F742788F58801BDF9683755DB3DD51AC70A
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %s $@`L$Features: $Protocols: $curl 7.51.0 (x86_64-pc-win32) %s
• API String ID: 0-344921250
• Opcode ID: f7bdc60936643f48f5f27e9a861f2e698d564a64e30cdaaa39c36d04edd7d0d7
• Instruction ID: 4691e6ec1c41284f0e3cd592bd4d0b66ae1c4685b52f943f829142e3c177b4dd
• Opcode Fuzzy Hash: f7bdc60936643f48f5f27e9a861f2e698d564a64e30cdaaa39c36d04edd7d0d7
• Instruction Fuzzy Hash: 44217CB1742B0492EB10DF16E88435A7330F74AB88F88442BDA0D673A5EB7CC954C70E
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 874a21f8e545dd59b22886acc15dbb77d98025f3c8fe32885be09b4a800b727c
• Instruction ID: cf590f86eeed8f841a9020015e0a13dccd99df4d9b439ec764c29d264b4d87b3
• Opcode Fuzzy Hash: 874a21f8e545dd59b22886acc15dbb77d98025f3c8fe32885be09b4a800b727c
• Instruction Fuzzy Hash: 6E51CEB6229BC581DB209F25E40476EB764F385B88F4A511AEF8E87754EF3CC405CB0A
Uniqueness

Uniqueness Score: -1.00%

APIs
• CryptGetHashParam.ADVAPI32 ref: 00431494
• CryptGetHashParam.ADVAPI32 ref: 004314BA
• CryptDestroyHash.ADVAPI32 ref: 004314CE
• CryptReleaseContext.ADVAPI32 ref: 004314E3
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Crypt$Hash$Param$ContextDestroyRelease
• String ID:
• API String ID: 2110207923-0
• Opcode ID: 0528aa71ace4f5e0c23ad0d26e666df61b23e247e06e6c3e976f8ea24affebc6
• Instruction ID: 8b0dafff62f1cf8d34d4ea0b8d4e2fa1ed688c7b10a01a24d6ba78ea46a6ef51
• Opcode Fuzzy Hash: 0528aa71ace4f5e0c23ad0d26e666df61b23e247e06e6c3e976f8ea24affebc6
• Instruction Fuzzy Hash: 1F012876208A80C6EB10CF91E55475AB771FB89BD8F584106EB8D0BB69CFBCC049CB44
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastbind
• String ID: bind() failed; %s
• API String ID: 2328862993-1141498939
• Opcode ID: caf49a837ff5325693c0d8de6b9bcc25077c9bb950a95aaff9aff5692cc112eb
• Instruction ID: 8d516841e23eef6881152935270ab2a2387371371402efd165103739b0c24e2c
• Opcode Fuzzy Hash: caf49a837ff5325693c0d8de6b9bcc25077c9bb950a95aaff9aff5692cc112eb
• Instruction Fuzzy Hash: 3C417B32205B8486EB188F22E98039E73B0F789B84F44902ADB1D47754DF7DD8A4C744
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLast
• String ID: %d.%d.%d.%d
• API String ID: 1452528299-3491811756
• Opcode ID: a5beef631b661cdff40499abf21f90fe32ae3897ef96faca202ceeefa0b5d013
• Instruction ID: 3dc2f335d2f42323b505c4b206b036a467994b078233cb4c9affd6a6065dc89f
• Opcode Fuzzy Hash: a5beef631b661cdff40499abf21f90fe32ae3897ef96faca202ceeefa0b5d013
• Instruction Fuzzy Hash: 4221C4766087C482DB008B26A61036EB760F79ABE0F685217EBDE47B99CB6CC555CB04
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: out of memory$too many globs$unmatched close brace/bracket
• API String ID: 0-3324938048
• Opcode ID: 1d1eec26c07d1e56efa74989fb39a5c4c4c55d79d1a0b24dae3af4517363e370
• Instruction ID: 31e2f638712d1ca5f2aa0a588ce399103a8f9013aa3a00f2726582be2a36b2da
• Opcode Fuzzy Hash: 1d1eec26c07d1e56efa74989fb39a5c4c4c55d79d1a0b24dae3af4517363e370
• Instruction Fuzzy Hash: FC818A32609B848ADB648F15B4443EB77A5F386B84F84411BDBCA83769DF3CC486C70A
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %s$%s$Failed to open %s to write libcurl code!
• API String ID: 0-3591596397
• Opcode ID: 234543eb8e581e89b3c8e70aef27f184315125f3d9a08c514c5b9cdcb1cbe56e
• Instruction ID: 948022fbf5a70f1c49e0ddc9a3c717c8e797cf8a104be62c2830c7c9c72ee618
• Opcode Fuzzy Hash: 234543eb8e581e89b3c8e70aef27f184315125f3d9a08c514c5b9cdcb1cbe56e
• Instruction Fuzzy Hash: C1518EA4746F5081EA249F16A54076B6320F749BD4F88402BEF8D37B69DF7CD842CB08
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: $$I32$I64
• API String ID: 0-872934916
• Opcode ID: fa6a9ad1b144017a48c2d022ade2040b2c3703da87461119f83892f0bb56d5ea
• Instruction ID: d549dabf135f47df9d46b99816f4aaeb870fb8bb484b1d556d883552033ab722
• Opcode Fuzzy Hash: fa6a9ad1b144017a48c2d022ade2040b2c3703da87461119f83892f0bb56d5ea
• Instruction Fuzzy Hash: C1110872A085A051DB229F36D4103FFBA94AB06B4DF085157CF5653349DA6DC7418B4A
Uniqueness

Uniqueness Score: -1.00%
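The records above are the Joe Sandbox IDA plugin's per-function similarity entries for the dropped curl 7.51.0 binary (snapshot hcaresult_11_2_400000_curl_x64.jbxd, dump based at 0x400000). Reading them one block at a time does not answer the questions an analyst actually has, such as which functions call a given Windows API (the CryptoAPI hashing sequence above, for example) or which function carries a given string. The parser below is an added example, not part of the Joe Sandbox report or its tooling: it turns the listing into structured records and offers two lookups over them. SAMPLE is constructed from two abridged records copied from this page; the field labels are the report's own, while the class and function names are this example's assumptions.

```python
"""Parse the Joe Sandbox IDA-plugin similarity records on this page into structured entries.

Added example, not part of the Joe Sandbox report or its tooling. SAMPLE is constructed
from two abridged records copied from this listing; the field labels are the report's own,
the class and function names are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}
API_CALL_RE = re.compile(r"^(\w+)\.([\w.]+) ref: ([0-9A-Fa-f]+)$")  # CryptDestroyHash.ADVAPI32 ref: 004314CE
KEY_VALUE_RE = re.compile(r"^([^:]+):\s?(.*)$")                      # split at the first colon only

@dataclass
class FunctionRecord:
    api_calls: List[Tuple[str, str, int]] = field(default_factory=list)  # (api, module, call-site address)
    fields: Dict[str, str] = field(default_factory=dict)                  # every other "key: value" bullet
    uniqueness_score: Optional[float] = None

    def opcode_id(self) -> str:
        return self.fields.get("Opcode ID", "")

    def strings(self) -> List[str]:
        # The report joins list fields with '$'. A literal '$' inside a string ("$$I32$I64" on
        # this page) cannot be told apart from the delimiter, so empty pieces are dropped, not guessed.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

def parse_records(text: str) -> List[FunctionRecord]:
    """One record per 'Uniqueness Score' line. Bullets under 'APIs' are call sites; all others are key: value."""
    records, current, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()                      # the page's lines carry heavy layout indentation
        if line in SECTIONS:
            section = line
        elif line.startswith("Uniqueness Score:"):
            current.uniqueness_score = float(line.split(":", 1)[1].strip().rstrip("%"))
            records.append(current)
            current, section = FunctionRecord(), None
        elif line.startswith("• "):
            body = line[2:]
            if section == "APIs":
                m = API_CALL_RE.match(body)
                if m:
                    current.api_calls.append((m[1], m[2], int(m[3], 16)))
            else:
                m = KEY_VALUE_RE.match(body)
                if m:
                    current.fields[m[1].strip()] = m[2].strip()
    return records

def index_by_api(records: List[FunctionRecord]) -> Dict[str, List[str]]:
    """Map each imported API name to the opcode IDs of the functions that call it (no duplicates)."""
    index: Dict[str, List[str]] = {}
    for rec in records:
        for api, _module, _addr in rec.api_calls:
            hits = index.setdefault(api, [])
            if rec.opcode_id() not in hits:
                hits.append(rec.opcode_id())
    return index

def functions_with_string(records: List[FunctionRecord], needle: str) -> List[str]:
    """Opcode IDs of functions whose String ID list contains `needle` as a substring."""
    return [r.opcode_id() for r in records if any(needle in s for s in r.strings())]

# Constructed sample: two abridged records copied from this page (one string-only, one with CryptoAPI calls).
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %s $@`L$Features: $Protocols: $curl 7.51.0 (x86_64-pc-win32) %s
• API String ID: 0-344921250
• Opcode ID: f7bdc60936643f48f5f27e9a861f2e698d564a64e30cdaaa39c36d04edd7d0d7
• Opcode Fuzzy Hash: f7bdc60936643f48f5f27e9a861f2e698d564a64e30cdaaa39c36d04edd7d0d7
Uniqueness

Uniqueness Score: -1.00%

APIs
• CryptGetHashParam.ADVAPI32 ref: 00431494
• CryptGetHashParam.ADVAPI32 ref: 004314BA
• CryptDestroyHash.ADVAPI32 ref: 004314CE
• CryptReleaseContext.ADVAPI32 ref: 004314E3
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Crypt$Hash$Param$ContextDestroyRelease
• String ID:
• API String ID: 2110207923-0
• Opcode ID: 0528aa71ace4f5e0c23ad0d26e666df61b23e247e06e6c3e976f8ea24affebc6
• Opcode Fuzzy Hash: 0528aa71ace4f5e0c23ad0d26e666df61b23e247e06e6c3e976f8ea24affebc6
Uniqueness Score: -1.00%
"""
```

Run it against the full report text (`parse_records(open("report.txt").read())`) rather than the sample to get the whole function list; `index_by_api(...)["CryptGetHashParam"]` then gives the opcode IDs to pivot on across other samples. Two caveats when doing that: on this page every record's Opcode ID equals its Opcode Fuzzy Hash, so either works as the cross-sample key here, but check that equality on a new report before treating them as interchangeable; and a Uniqueness Score of -1.00% is taken at face value by the parser, since the report does not say whether a negative value means "not scored".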

APIs
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CurrentProcesshtons
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2530476045-0
                                                                                                                                                • Opcode ID: e14ca365bc88286f43aa9bd30f1dccaae0688a34d72819a3e0eb7d24535b6004
                                                                                                                                                • Instruction ID: 3e051d8766c7cfef52c34fd275743753d5d53748ec65c4bcf8767c4529a6c662
                                                                                                                                                • Opcode Fuzzy Hash: e14ca365bc88286f43aa9bd30f1dccaae0688a34d72819a3e0eb7d24535b6004
                                                                                                                                                • Instruction Fuzzy Hash: F441D4B670ABC0AAC71CDF65EA0029AB7A5F748744F04503AE7A883754DB78E170C70C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • CryptAcquireContextA.ADVAPI32 ref: 0043141C
                                                                                                                                                • CryptCreateHash.ADVAPI32 ref: 0043143D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Crypt$AcquireContextCreateHash
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1914063823-0
                                                                                                                                                • Opcode ID: f2ab21801e73175b70f96c10313c4eb8e9699c534165814134d2448c1adc313e
                                                                                                                                                • Instruction ID: 390955b18d5544c01d6a96d6482ea59ecdae7ebb2e6fcce6b4033f284e8e73e8
                                                                                                                                                • Opcode Fuzzy Hash: f2ab21801e73175b70f96c10313c4eb8e9699c534165814134d2448c1adc313e
                                                                                                                                                • Instruction Fuzzy Hash: AAE08671B2899182FB208B75F815F166360FB98B4CF8490109F8C4BB14DF7CC1558F48
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetCPInfo.KERNEL32 ref: 0046C6BA
                                                                                                                                                  • Part of subcall function 00471130: GetLastError.KERNEL32 ref: 0047119C
                                                                                                                                                  • Part of subcall function 0045FEC0: RtlReleasePrivilege.NTDLL(?,?,?,?,004664B0,?,?,?,?,00468303), ref: 0045FED5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorInfoLastPrivilegeRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2532465754-0
                                                                                                                                                • Opcode ID: 34d21a849edad8b7fb186a4dad68939409665808c18afe91c3e6753899810f99
                                                                                                                                                • Instruction ID: a07f85f4817691f811a4a060bf36055767f4083cf6657aa3b392d81c0e77eb8f
                                                                                                                                                • Opcode Fuzzy Hash: 34d21a849edad8b7fb186a4dad68939409665808c18afe91c3e6753899810f99
                                                                                                                                                • Instruction Fuzzy Hash: D451E0B260579181EB209F22A48477A77A5F745B86F48402BEBC987B51EB3DC480CB5E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: htons
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4207154920-0
                                                                                                                                                • Opcode ID: d430aeb7864c15df4bc2b53146709f47f1fac3f5e5c9018bb3972570f3af40b4
                                                                                                                                                • Instruction ID: c132369b3e82b6864aec94be42d1ca0b517860416fa6123aad4cc155548078ce
                                                                                                                                                • Opcode Fuzzy Hash: d430aeb7864c15df4bc2b53146709f47f1fac3f5e5c9018bb3972570f3af40b4
                                                                                                                                                • Instruction Fuzzy Hash: B9313AB2609BC486D754DB66B50078BB3A9FB48784F44002AEBDE43714DB7CE520CB4C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                • Opcode ID: cc52103b46af980987f08aa5711dcdc314fecb14fd51eaa88c03e973e1cb2db8
                                                                                                                                                • Instruction ID: 82c76eaabdd1dfbba94a6cd6f6009a82845611a02df4484e4cc6e708f2e38e37
                                                                                                                                                • Opcode Fuzzy Hash: cc52103b46af980987f08aa5711dcdc314fecb14fd51eaa88c03e973e1cb2db8
                                                                                                                                                • Instruction Fuzzy Hash: E1711C727341B48BEB754B1EA410AAA7390F36678DFD52215EBC617B41CA3DF904CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %02x:
                                                                                                                                                • API String ID: 0-959296634
                                                                                                                                                • Opcode ID: fb84d0de505600e7aa09680c2608bbbe7f162b13b69497e00579f0a68adfa83a
                                                                                                                                                • Instruction ID: 0e1a7a0a40d455068efe880efb0c0d397416aa6ea4750396e2c4914608905c3a
                                                                                                                                                • Opcode Fuzzy Hash: fb84d0de505600e7aa09680c2608bbbe7f162b13b69497e00579f0a68adfa83a
                                                                                                                                                • Instruction Fuzzy Hash: 3C216036709AC485DB219F12D2403EAA761F38AFD5F084013CF8D27B59CABCD449CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00461CD7
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastValue$CurrentSleepThread
                                                                                                                                                • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                • API String ID: 1883287227-798102604
                                                                                                                                                • Opcode ID: 1aaf12626c02d9b9f7f4a4d6fc085ef3e8b31405635bbfce13b59a2ae4b5ef42
                                                                                                                                                • Instruction ID: 08171a8485a98405dd9fc9a220ece30fdae58cd960a88be13d36d27179d69788
                                                                                                                                                • Opcode Fuzzy Hash: 1aaf12626c02d9b9f7f4a4d6fc085ef3e8b31405635bbfce13b59a2ae4b5ef42
                                                                                                                                                • Instruction Fuzzy Hash: D8019E72A01B8485DB508F16A48035A67B5F79ABC4F59501BDB4953325EF3DC490C709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
• String ID: HTTP/
• API String ID: 0-2417072641
• Opcode ID: b41deab5757cec866d812800bc592310d5363b561b9e02edcbc8fbcaa74b00d7
• Instruction ID: 7618e738eda69b4f20c98f9241cd7aee4a0fb116f6de772486b7152c5759cb8c
• Opcode Fuzzy Hash: b41deab5757cec866d812800bc592310d5363b561b9e02edcbc8fbcaa74b00d7
• Instruction Fuzzy Hash: 9801B131318B8081EB109F16E44079EB364E799FE4F581226FF5967BC8DF2DC8428708
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: QUIT
• API String ID: 0-1967077921
• Opcode ID: 11e5d73abc2b3112a123a8597cf3f5363e5eadc69c9113ea760dd1c487001404
• Instruction ID: 6e82a45dc22cdae925a79dfc219ce5118ff7b3b3ed75c413001cc678aceec669
• Opcode Fuzzy Hash: 11e5d73abc2b3112a123a8597cf3f5363e5eadc69c9113ea760dd1c487001404
• Instruction Fuzzy Hash: C511C635701682A2DB58DB25D5413AEB3E1F78A744F54D026CB4C43314DF3DE4A9CB49
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastValue$CurrentThread
• String ID:
• API String ID: 526964173-0
• Opcode ID: dd789965735a8681535f8a5403b97f32ae52b200e969e4c804df06422ef34872
• Instruction ID: b2e3e988202e5dbf875a444be87385b5d7d31191f26ebc5d98ede3cf0a856cd5
• Opcode Fuzzy Hash: dd789965735a8681535f8a5403b97f32ae52b200e969e4c804df06422ef34872
• Instruction Fuzzy Hash: B7512662708E9491DB348E15D65137B6790F781BA8F190203DAEA03BA8FAFCC845D70B
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
APIs
Strings
• FreeLibrary(wsock2) failed (%d), xrefs: 0044049B
• WSAEnumNetworkEvents, xrefs: 004400D7
• failed to find WSAEventSelect function (%d), xrefs: 004400B2
• insufficient winsock version to support telnet, xrefs: 0043FFC7
• WSACreateEvent, xrefs: 0044001D
• WSACloseEvent, xrefs: 00440060
• WS2_32.DLL, xrefs: 0043FFE0
• WSACloseEvent failed (%d), xrefs: 00440476
• failed to find WSAEnumNetworkEvents function (%d), xrefs: 004400F7
• Time-out, xrefs: 0044044E
• WSAStartup failed (%d), xrefs: 0043FF87
• failed to find WSACloseEvent function (%d), xrefs: 00440080
• , xrefs: 0044040A
• WSAEventSelect, xrefs: 0044008C
• failed to find WSACreateEvent function (%d), xrefs: 0044003B
• WSACreateEvent failed (%d), xrefs: 00440118
• WSAEnumNetworkEvents failed (%d), xrefs: 00440356
• failed to load WS2_32.DLL (%d), xrefs: 00440002
Similarity
• API ID: Startup
• String ID: $FreeLibrary(wsock2) failed (%d)$Time-out$WS2_32.DLL$WSACloseEvent$WSACloseEvent failed (%d)$WSACreateEvent$WSACreateEvent failed (%d)$WSAEnumNetworkEvents$WSAEnumNetworkEvents failed (%d)$WSAEventSelect$WSAStartup failed (%d)$failed to find WSACloseEvent function (%d)$failed to find WSACreateEvent function (%d)$failed to find WSAEnumNetworkEvents function (%d)$failed to find WSAEventSelect function (%d)$failed to load WS2_32.DLL (%d)$insufficient winsock version to support telnet
• API String ID: 724789610-3877627569
Uniqueness
Uniqueness Score: -1.00%
APIs
Strings
Similarity
• API ID: Library$AddressProc$FreeLoad$DirectorySystem
• String ID: \ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
• API String ID: 1621665182-744132762
                                                                                                                                                • Opcode ID: 5ecf28480564f9acf14ca8f76f896e004fb6657e615e2682a5804dd0cd82db9c
                                                                                                                                                • Instruction ID: 6d4af1a8ace13b45f1f5077064615dc2eaf294a3fb5c0f556d863b18176092b4
                                                                                                                                                • Opcode Fuzzy Hash: 5ecf28480564f9acf14ca8f76f896e004fb6657e615e2682a5804dd0cd82db9c
                                                                                                                                                • Instruction Fuzzy Hash: 4B514E7570AF8485EB60CB11F88439A73A4F789BA4F944266DEAD43B64EF7CC015CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: send$ErrorLast
                                                                                                                                                • String ID: #$%127[^,],%127s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s%c%s$Sending data failed (%d)
                                                                                                                                                • API String ID: 2200680727-931584821
                                                                                                                                                • Opcode ID: f316a9dc4915804870693697d1606c7c33d6bc8e86e1df005a4107c5a3f57527
                                                                                                                                                • Instruction ID: f6b341dd1e2fee9ee73d5f1e3fe4c4d51cbe2a24cf6bec064a6668aa873eded0
                                                                                                                                                • Opcode Fuzzy Hash: f316a9dc4915804870693697d1606c7c33d6bc8e86e1df005a4107c5a3f57527
                                                                                                                                                • Instruction Fuzzy Hash: 38819C72308AC291EB24DF66E4447DAB360F788798F840226EB9D57B99DF7CC149CB44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 0047201C
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 00472038
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 00472054
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 0047206B
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 0047208B
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,0046E015), ref: 004720A7
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                                                                • API String ID: 2238633743-1612076079
                                                                                                                                                • Opcode ID: 07378d0cc2c725cd0b3b1ce214d7988079e3a9779f11c526b340e12858bba01c
                                                                                                                                                • Instruction ID: 3f5aadab560cb96dea760ab04b3b9d9f7ab813d39c4fb1ead1654ba0431912ae
                                                                                                                                                • Opcode Fuzzy Hash: 07378d0cc2c725cd0b3b1ce214d7988079e3a9779f11c526b340e12858bba01c
                                                                                                                                                • Instruction Fuzzy Hash: E7412AB4306B9081FE64CF11B9407AA73A5FB48B80F84842ADB4D07724DFBCC415CB1A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%
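The record above is one of the hits behind the report's "Contains functionality to dynamically determine API calls" signature: a LoadLibraryA call followed by a run of GetProcAddress calls, with the module and export names visible in the Similarity block's String ID. As an added triage aid, not part of the Joe Sandbox report or of the sample's own code, the following Python parses records in this page's layout (APIs, Strings, Similarity, Uniqueness Score) and flags the ones that pair a module loader with GetProcAddress, listing the DLLs and export names the function resolves. The embedded sample records are constructed to mirror the layout of this page; the shortened IDs and hashes in them are placeholders, and the field names of the returned dict are this example's own choice.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the layout of the report's function dump records:
# one function that loads a module and resolves exports by name, one that
# does not. Opcode IDs are shortened placeholders, not real hashes.
SAMPLE = """\
APIs
• LoadLibraryA.KERNEL32(?,?,0046E015), ref: 0047201C
• GetProcAddress.KERNEL32(?,?,0046E015), ref: 00472038
• GetProcAddress.KERNEL32(?,?,0046E015), ref: 00472054
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: GetActiveWindow$MessageBoxA$user32.dll
• API String ID: 2238633743-1612076079
• Opcode ID: 07378d0c
Uniqueness

Uniqueness Score: -1.00%

APIs
• CertFreeCertificateContext.CRYPT32 ref: 0042ED7F
Strings
• schannel: failed to retrieve remote cert context, xrefs: 0042ED8D
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CertCertificateContextFree
• String ID: schannel: failed to retrieve remote cert context
• API String ID: 3080675121-474070536
• Opcode ID: f01bd9b5
Uniqueness

Uniqueness Score: -1.00%
"""

API_RE = re.compile(r"^• (\w+)\.(\w+)(?:\((.*)\))?,? ref: ([0-9A-Fa-f]{8})$")
STR_RE = re.compile(r"^• (.*), xrefs: ([0-9A-Fa-f]{8})$")
SIM_RE = re.compile(r"^• (API ID|String ID|API String ID|Opcode ID|Instruction ID|"
                    r"Opcode Fuzzy Hash|Instruction Fuzzy Hash): ?(.*)$")
SCORE_RE = re.compile(r"^Uniqueness Score: (-?[0-9.]+)%$")
HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}

# Loader/resolver pairs that back the "dynamically determine API calls" signature.
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
           "GetModuleHandleA", "GetModuleHandleW"}
RESOLVER = "GetProcAddress"


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # (name, module, args, ref)
    strings: list = field(default_factory=list)  # (text, xref)
    similarity: dict = field(default_factory=dict)
    uniqueness: Optional[float] = None


def parse_records(text: str) -> list:
    """Split the dump into per-function records; each one starts at an 'APIs' header."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            section = "APIs"
        elif cur is None:
            continue  # text before the first record
        elif line in HEADERS:
            section = line
        elif m := SCORE_RE.match(line):
            cur.uniqueness = float(m.group(1))
        elif section == "APIs" and (m := API_RE.match(line)):
            name, module, args, ref = m.groups()
            cur.apis.append((name, module, args or "", ref))
        elif section == "Strings" and (m := STR_RE.match(line)):
            cur.strings.append((m.group(1), m.group(2)))
        elif section == "Similarity" and (m := SIM_RE.match(line)):
            cur.similarity[m.group(1)] = m.group(2)
    return records


def dynamic_api_resolution(rec: FunctionRecord):
    """Return what a function resolves at run time, or None when it does not
    pair a module loader with GetProcAddress."""
    names = {a[0] for a in rec.apis}
    if not (names & LOADERS) or RESOLVER not in names:
        return None
    # 'String ID' is the record's referenced strings joined by '$'. Export names
    # are bare identifiers; module names end in .dll or, when the function builds
    # a path under the system directory, start with a backslash.
    parts = rec.similarity.get("String ID", "").split("$")
    symbols = [p for p in parts if re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", p)]
    modules = [p for p in parts if p.lower().endswith(".dll") or p.startswith("\\")]
    return {
        "loaders": sorted(names & LOADERS),
        "resolver_calls": sum(1 for a in rec.apis if a[0] == RESOLVER),
        "modules": modules,
        "symbols": symbols,
    }


def triage(text: str) -> list:
    """One line per flagged record, suitable for pasting into analysis notes."""
    out = []
    for i, rec in enumerate(parse_records(text)):
        hit = dynamic_api_resolution(rec)
        if hit:
            first_ref = rec.apis[0][3]
            out.append(f"record {i} @ {first_ref}: {', '.join(hit['loaders'])} + "
                       f"GetProcAddress x{hit['resolver_calls']} -> "
                       f"{', '.join(hit['modules']) or '?'}: {', '.join(hit['symbols'])}")
    return out


if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Run against the full function dump, the flagged lines make it easy to see whether the resolved names are the ordinary Windows SDK and CRT idioms (Winsock IPv6 helpers from ws2_32/wship6, the user32 message-box probe) or something an analyst would actually want to follow up on.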

                                                                                                                                                APIs
                                                                                                                                                • CertFreeCertificateContext.CRYPT32 ref: 0042ED7F
                                                                                                                                                Strings
                                                                                                                                                • schannel: failed to retrieve remote cert context, xrefs: 0042ED8D
                                                                                                                                                • schannel: failed to setup confidentiality, xrefs: 0042EC01
                                                                                                                                                • schannel: failed to setup sequence detection, xrefs: 0042EBCF
                                                                                                                                                • schannel: SSL/TLS connection with %s port %hu (step 3/3), xrefs: 0042EB8F
                                                                                                                                                • schannel: failed to setup stream orientation, xrefs: 0042EC35
                                                                                                                                                • schannel: failed to setup memory allocation, xrefs: 0042EC1B
                                                                                                                                                • schannel: failed to store credential handle, xrefs: 0042ECD0
                                                                                                                                                • schannel: old credential handle is stale, removing, xrefs: 0042EC90
                                                                                                                                                • schannel: failed to setup replay detection, xrefs: 0042EBE8
                                                                                                                                                • schannel: stored credential handle in session cache, xrefs: 0042ECEE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CertCertificateContextFree
                                                                                                                                                • String ID: schannel: SSL/TLS connection with %s port %hu (step 3/3)$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation$schannel: failed to store credential handle$schannel: old credential handle is stale, removing$schannel: stored credential handle in session cache
                                                                                                                                                • API String ID: 3080675121-474070536
                                                                                                                                                • Opcode ID: f01bd9b555f01f3abcb8a7eac71ebd2285fd38ae522862356f97c223942d7a58
                                                                                                                                                • Instruction ID: 2e1d00e084558f7aed693c31dfb80c8bbff79f7d49be8bf954bf9d79165f371b
                                                                                                                                                • Opcode Fuzzy Hash: f01bd9b555f01f3abcb8a7eac71ebd2285fd38ae522862356f97c223942d7a58
                                                                                                                                                • Instruction Fuzzy Hash: 42519C72308A9182EA20DF17F5543AE6361E785BD8FC8012AEE894B769EF7CC441C719
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Unknown error, xrefs: 00418A40
                                                                                                                                                • %s - %s, xrefs: 00418982
                                                                                                                                                • CRYPT_E_REVOKED, xrefs: 004188AD
                                                                                                                                                • %s (0x%08X), xrefs: 004188B4
                                                                                                                                                • SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 00418A6A
                                                                                                                                                • No error, xrefs: 004189B8
                                                                                                                                                • SEC_I_CONTINUE_NEEDED, xrefs: 004189C4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$FormatMessage
                                                                                                                                                • String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                                                                                                                                                • API String ID: 71157656-1752685260
                                                                                                                                                • Opcode ID: 9ea28fa248d940cd1311dc329394381287a49431079c0f0e9bd67641e083d3b1
                                                                                                                                                • Instruction ID: a536e61bb4163d8a999f940337025174faba8250d78c7b72859ec47068e1a3fd
                                                                                                                                                • Opcode Fuzzy Hash: 9ea28fa248d940cd1311dc329394381287a49431079c0f0e9bd67641e083d3b1
                                                                                                                                                • Instruction Fuzzy Hash: 7A519E71308B8586EB20DF65E4803EA6361FB85788F84402BDB8D47B96EF3DC545C75A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • LCMapStringW.KERNEL32(?,?,0046FEF7,?,?,?,?,0046E672), ref: 0046EB48
                                                                                                                                                • GetLastError.KERNEL32(?,?,0046FEF7,?,?,?,?,0046E672), ref: 0046EB68
                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 0046EC29
                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 0046ECD6
                                                                                                                                                • LCMapStringW.KERNEL32 ref: 0046ECF9
                                                                                                                                                • LCMapStringW.KERNEL32 ref: 0046ED48
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1775797328-0
                                                                                                                                                • Opcode ID: e37419dfec489d44b8fcf179d30d1444cf6bb73c437dc83e2a043aeef44d213a
                                                                                                                                                • Instruction ID: 0902b204f8af4bd5253da4b7311b838ec43131065b3b9961d135934957eb00a3
                                                                                                                                                • Opcode Fuzzy Hash: e37419dfec489d44b8fcf179d30d1444cf6bb73c437dc83e2a043aeef44d213a
                                                                                                                                                • Instruction Fuzzy Hash: 42D19275205BC08AD7248F26E84039A77E5F748BDCF14422AEA5D47B98EB3CC945C709
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • tftp_tx: internal error, event: %i, xrefs: 0043AB01
                                                                                                                                                • tftp_tx: giving up waiting for block %d ack, xrefs: 0043ACA0
                                                                                                                                                • Timeout waiting for block %d ACK. Retries = %d, xrefs: 0043AB22
                                                                                                                                                • Received ACK for block %d, expecting %d, xrefs: 0043AC81
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: sendto$ErrorLast
                                                                                                                                                • String ID: Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
                                                                                                                                                • API String ID: 4042023021-4197595102
                                                                                                                                                • Opcode ID: b313ae4348bc4a1f0f3864f69c259907dd7a2cb83a1666ffaa0a9a49df7f8e81
                                                                                                                                                • Instruction ID: edfed7ecc9eacdfe337e5ce42ba5106080e1bd590c5f00a233ffd05d92c9f491
                                                                                                                                                • Opcode Fuzzy Hash: b313ae4348bc4a1f0f3864f69c259907dd7a2cb83a1666ffaa0a9a49df7f8e81
                                                                                                                                                • Instruction Fuzzy Hash: A0A168B6208B91C6CB11CF2AE4807AA77B1F788F89F485126DF8D4B718DB38D451CB65
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetEnvironmentVariableA.KERNEL32 ref: 0040A4B8
                                                                                                                                                • GetEnvironmentVariableA.KERNEL32 ref: 0040A4F3
                                                                                                                                                • GetEnvironmentVariableA.KERNEL32 ref: 0040A543
                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32 ref: 0040A57F
                                                                                                                                                • GetEnvironmentVariableA.KERNEL32 ref: 0040A5E4
                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32 ref: 0040A623
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Environment$Variable$ExpandStrings
                                                                                                                                                • String ID: %USERPROFILE%\Application Data$APPDATA$CURL_HOME$HOME
                                                                                                                                                • API String ID: 1313645947-734137483
                                                                                                                                                • Opcode ID: f712f36dfa8886fbad7de0c1bb30c7a45b40a1fe8136f8e5089dab360721b1fd
                                                                                                                                                • Instruction ID: bf99471f9b74a13d48b658424f25f2b202692eee50eed9da52bd9fe9c9593e9f
                                                                                                                                                • Opcode Fuzzy Hash: f712f36dfa8886fbad7de0c1bb30c7a45b40a1fe8136f8e5089dab360721b1fd
                                                                                                                                                • Instruction Fuzzy Hash: A3417551308BC095EF31AB11E9403AA63A0F798789F884426DB8D67798EF7CC655CB0E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileType
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3081899298-0
                                                                                                                                                • Opcode ID: ff7e8945b65b6a2c19464fc4b075dc14773c4bfb9f11cc2bb49543cdd22083ac
                                                                                                                                                • Instruction ID: d2b88212cf43ba72ec5977c8133fc14e637c4e50686cf92f7939102246d3a58d
                                                                                                                                                • Opcode Fuzzy Hash: ff7e8945b65b6a2c19464fc4b075dc14773c4bfb9f11cc2bb49543cdd22083ac
                                                                                                                                                • Instruction Fuzzy Hash: A9A1A432218B80C2D7208F65E45432FB3B1F785B69F14421AEF99477A8EBBCC545CB5A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Received unexpected DATA packet block %d, expecting block %d, xrefs: 0043AA91
                                                                                                                                                • Received last DATA packet block %d again., xrefs: 0043A9E0
                                                                                                                                                • Timeout waiting for block %d ACK. Retries = %d, xrefs: 0043A807
                                                                                                                                                • tftp_rx: internal error, xrefs: 0043A7CB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: sendto
                                                                                                                                                • String ID: Received last DATA packet block %d again.$Received unexpected DATA packet block %d, expecting block %d$Timeout waiting for block %d ACK. Retries = %d$tftp_rx: internal error
                                                                                                                                                • API String ID: 1876886790-1785996722
                                                                                                                                                • Opcode ID: 85fe105b184869f8b557cd1eec8746ca81c08122ba90a1b63803609470b5fbc3
                                                                                                                                                • Instruction ID: e8899ef2a0bba414fae5339c6e12b68af5d1328276dcffabc8dd2c0528e82e30
                                                                                                                                                • Opcode Fuzzy Hash: 85fe105b184869f8b557cd1eec8746ca81c08122ba90a1b63803609470b5fbc3
                                                                                                                                                • Instruction Fuzzy Hash: 9B817D76208B90C2CB11DF29D44039A7BB0F798F88F988126DF8C4B768DB39C456C755
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: inet_ntoa$ErrorLastgethostbyaddrgetservbyporthtons
                                                                                                                                                • String ID: 65535$udp
                                                                                                                                                • API String ID: 1483625650-1267037602
                                                                                                                                                • Opcode ID: 7ba5bde4fa44a5387480ed6a44c303012c7955da357db5a1108f9fa9fe509970
                                                                                                                                                • Instruction ID: 0c1efdb919823f422cba87356026b46107738434854428374aec279b2463541e
                                                                                                                                                • Opcode Fuzzy Hash: 7ba5bde4fa44a5387480ed6a44c303012c7955da357db5a1108f9fa9fe509970
                                                                                                                                                • Instruction Fuzzy Hash: 7661A222709BA086EB208F11F18436F6361FB45B94F994127EE9947BA4DF7CC846C71E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0046E77D
                                                                                                                                                • GetLastError.KERNEL32 ref: 0046E797
                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0046E7C0
                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 0046E826
                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 0046E861
                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32 ref: 0046E879
                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32 ref: 0046E8A3
                                                                                                                                                • GetEnvironmentStrings.KERNEL32 ref: 0046E8B6
                                                                                                                                                • FreeEnvironmentStringsA.KERNEL32 ref: 0046E8FA
                                                                                                                                                • FreeEnvironmentStringsA.KERNEL32 ref: 0046E927
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide$ErrorLast
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4109468225-0
                                                                                                                                                • Opcode ID: 60360142248fab3bef551299ae01ce7770b38d3279c7d27d2b2366f31c37e9d7
                                                                                                                                                • Instruction ID: 384a8359828526eb0ee973967ab25e051131325adfd0816966f82574c6c5a798
                                                                                                                                                • Opcode Fuzzy Hash: 60360142248fab3bef551299ae01ce7770b38d3279c7d27d2b2366f31c37e9d7
                                                                                                                                                • Instruction Fuzzy Hash: 7E418375A09B8086EB209F23A94431AA7E1FB49BD1F98041ADF4D47B58FF7CD445C70A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %I64d$%s%c%s%c$0$blksize$timeout$tsize
                                                                                                                                                • API String ID: 0-2745715247
                                                                                                                                                • Opcode ID: c914789099056b407111b2ba0470c6f775f4f139335736a3b5ef7fba9e539587
                                                                                                                                                • Instruction ID: 6974e2becbd5f5f926db0792cc86c76d71e60a3f1e88245d6a46037db30a59ec
                                                                                                                                                • Opcode Fuzzy Hash: c914789099056b407111b2ba0470c6f775f4f139335736a3b5ef7fba9e539587
                                                                                                                                                • Instruction Fuzzy Hash: 4BB17A76208B85C1CB20CF25E04039A7760F789BA9F849312DFAD4B7D9DB78C50AC794
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: htonlinet_ntoa
• String ID: tcp$udp
• API String ID: 298042256-3725065008
• Opcode ID: 9776c463be81c6903042e4eed922ee139dd2138a4e4c8722efeb919f402d543d
• Instruction ID: e2ec445f5325e6851737b85392dbe3ad1d55d375539184ef57c72e5b3001db89
• Opcode Fuzzy Hash: 9776c463be81c6903042e4eed922ee139dd2138a4e4c8722efeb919f402d543d
• Instruction Fuzzy Hash: 94A1CE32705B6082DB29CF16B58032F76A1FB94B84F99812BEE4E87714EB7CC844D749
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: sendto$recvfrom
• String ID: %s$Internal error: Unexpected packet$Internal state machine error$Received too short packet$TFTP finished
• API String ID: 4052786580-602509964
• Opcode ID: 67350796953d54f2e47a32d503ad389c2caf852c9ea6b65b358461a3ce221544
• Instruction ID: 84fd2684b9fd2eca4dbe0a001ca48a921e18df9e2ec43c6f3d6f3ee69e1904c5
• Opcode Fuzzy Hash: 67350796953d54f2e47a32d503ad389c2caf852c9ea6b65b358461a3ce221544
• Instruction Fuzzy Hash: 15916C76218AD1C6DB60DF26D4403AA77A0F389B88F489136DF894BB48DF3DC406CB55
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Virtual$AddressAllocHandleInfoModuleProcProtectQuerySystem
• String ID: SetThreadStackGuarantee$kernel32.dll
• API String ID: 3290314748-423161677
• Opcode ID: 9d35b5c34de3a4d54cc351f01a3accc24e4ef63b413c0e8155ab77e470bb5e4c
• Instruction ID: abc13426b3abdb6acb7173489a91e326a5f4521e4dab3032d68310694f11afd2
• Opcode Fuzzy Hash: 9d35b5c34de3a4d54cc351f01a3accc24e4ef63b413c0e8155ab77e470bb5e4c
• Instruction Fuzzy Hash: BA411876311B809AEB30CF25E9507D933A5F748B88F948416DE4D8BB18DF78D689C744
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLast
• String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$GMT
• API String ID: 1452528299-988243589
• Opcode ID: 3df68456024fffa083826009d4bf99d78d63ff7e6c02c801be9c05fd8a460603
• Instruction ID: 73a80a64feb8783d563d2fa4524399d3ed4915471da1f621160ae32c0cc43962
• Opcode Fuzzy Hash: 3df68456024fffa083826009d4bf99d78d63ff7e6c02c801be9c05fd8a460603
• Instruction Fuzzy Hash: 10F1D97261CA4086CB208F19E44039AB7B1F7857A4F645217EFAA57BE4DB7CD881CF09
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLasthtonssend
• String ID: Sending data failed (%d)
• API String ID: 2027122571-2319402659
• Opcode ID: 697e69644b1815f3942b3fb9bf09f415a890aee37284e2fdcba42f4eac988570
• Instruction ID: f03a59a509bd6a757eb6c796a5136a2a504a4017695da9ce4e0e828821ec52ef
• Opcode Fuzzy Hash: 697e69644b1815f3942b3fb9bf09f415a890aee37284e2fdcba42f4eac988570
• Instruction Fuzzy Hash: C961A932608B8481CB109F26E45479E7761F3A9F89F949622DF8A43B29DF3CC04AC709
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DB40: WaitForSingleObject.KERNEL32(?,?,?,?,0041A3A5,?,?,?,?,0041C3BA), ref: 0042DB59
  • Part of subcall function 0042DB40: CloseHandle.KERNEL32(?,?,?,?,0041A3A5,?,?,?,?,0041C3BA), ref: 0042DB69
• EnterCriticalSection.KERNEL32 ref: 00419EF5
• LeaveCriticalSection.KERNEL32 ref: 00419F09
• CloseHandle.KERNEL32 ref: 00419F16
• DeleteCriticalSection.KERNEL32 ref: 00419F34
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CriticalSection$CloseHandle$DeleteEnterLeaveObjectSingleWait
• String ID: Could not resolve %s: %s$host$proxy
• API String ID: 2761528079-2205167006
• Opcode ID: cd81cb6db3a1275bd8b0a062c488c28e44644523446ad768243b89dce23adca6
• Instruction ID: d8bcae779fee246e68ebcfc6a0887e7478f3dbe53218615b9a8ef4afdb1198e1
• Opcode Fuzzy Hash: cd81cb6db3a1275bd8b0a062c488c28e44644523446ad768243b89dce23adca6
• Instruction Fuzzy Hash: 0D412876709B4092EB68DF22E56439AB370F784B84F444016DB5E47B55CF3CE8958B44
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CurrentDirectoryDriveFullNamePathType
• String ID: .$:$:$\
• API String ID: 3995704478-3772505838
• Opcode ID: 05197da65e64482b56cc07329e1a3e1807b7a207be2cc11fcfa8e8afc6a8162a
• Instruction ID: 9ff529ff8f45e12cd500f1d91e15d72e36cabf1e03da74b53d60244852035b15
• Opcode Fuzzy Hash: 05197da65e64482b56cc07329e1a3e1807b7a207be2cc11fcfa8e8afc6a8162a
• Instruction Fuzzy Hash: DE319062209780C9EB369B25A40439F7790F799788F488216DB8E87B45DB7DC505C719
Uniqueness
Uniqueness Score: -1.00%

Strings
• Error creating directory %s., xrefs: 00404679
• %s%s, xrefs: 004045DC, 00404617
• No space left on the file system that will contain the directory %s., xrefs: 0040469D
• %s resides on a read-only file system., xrefs: 00404694
• Cannot create directory %s because you exceeded your quota., xrefs: 00404682
• The directory name %s is too long., xrefs: 0040468B
• You don't have permission to create %s., xrefs: 004046A6
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID: %s resides on a read-only file system.$%s%s$Cannot create directory %s because you exceeded your quota.$Error creating directory %s.$No space left on the file system that will contain the directory %s.$The directory name %s is too long.$You don't have permission to create %s.
• API String ID: 0-1086585624
• Opcode ID: f4e44c2c6a36985c11bd4a6f273c972eee063454c447ac5ff2c5261a60dc277e
• Instruction ID: 68d4d3a2fc89c293ea99f565a2dc190fd0b17aebc42d168ffb6fae6df6188e22
• Opcode Fuzzy Hash: f4e44c2c6a36985c11bd4a6f273c972eee063454c447ac5ff2c5261a60dc277e
• Instruction Fuzzy Hash: C841E3B1304B4081DA14DF26A8003AA6361F787BD8F944A27EF5A57BE5EF3DC546C70A
Uniqueness
                                                                                                                                                Uniqueness Score: -1.00%
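
The records above all come from one memory dump (process 0xB, image at 0x400000) whose snapshot name identifies it as a curl x64 build, and the string sets they carry (the TFTP state-machine messages, "Could not resolve %s: %s" with host/proxy, the --create-dirs directory errors) are message strings found in curl's own source. The question an analyst then wants answered is whether the embedded curl is a stock build or a modified one, which means pulling the per-function fingerprints out of the report and comparing them with a second run or with a report of a known-good build. The script below is an added example for that, not Joe Sandbox tooling: it parses the "Memory Dump Source" / "Similarity" records in the layout shown on this page, checks that each record's hashes are well-formed and that its Opcode ID agrees with its Opcode Fuzzy Hash, and set-differences (snapshot, API ID, String ID, Opcode ID) fingerprints between two reports. The record boundary at "Memory Dump Source" and the "$" separator in API ID / String ID are read off the page layout, not from a documented schema, so treat them as assumptions; REPORT_A holds two records copied from this page, and REPORT_B is a constructed variant with one opcode hash replaced by a placeholder so the diff has something to show.

```python
"""Parse Joe Sandbox per-function records and diff fingerprints across reports.

Added example, not Joe Sandbox tooling.  Assumptions: a record starts at the
"Memory Dump Source" line and "$" separates items in API ID / String ID; both
are read off the report layout, not from a documented schema.
"""
import re
from typing import Dict, List, Set, Tuple

# Two records copied from the report above (process 0xB, image at 0x400000,
# snapshot hcaresult_11_2_400000_curl_x64.jbxd), page layout kept as printed.
REPORT_A = """
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: sendto$recvfrom
• String ID: %s$Internal error: Unexpected packet$Internal state machine error$Received too short packet$TFTP finished
• API String ID: 4052786580-602509964
• Opcode ID: 67350796953d54f2e47a32d503ad389c2caf852c9ea6b65b358461a3ce221544
• Instruction ID: 84fd2684b9fd2eca4dbe0a001ca48a921e18df9e2ec43c6f3d6f3ee69e1904c5
• Opcode Fuzzy Hash: 67350796953d54f2e47a32d503ad389c2caf852c9ea6b65b358461a3ce221544
• Instruction Fuzzy Hash: 15916C76218AD1C6DB60DF26D4403AA77A0F389B88F489136DF894BB48DF3DC406CB55
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
• API ID: ErrorLasthtonssend
• String ID: Sending data failed (%d)
• API String ID: 2027122571-2319402659
• Opcode ID: 697e69644b1815f3942b3fb9bf09f415a890aee37284e2fdcba42f4eac988570
• Instruction ID: f03a59a509bd6a757eb6c796a5136a2a504a4017695da9ce4e0e828821ec52ef
• Opcode Fuzzy Hash: 697e69644b1815f3942b3fb9bf09f415a890aee37284e2fdcba42f4eac988570
• Instruction Fuzzy Hash: C961A932608B8481CB109F26E45479E7761F3A9F89F949622DF8A43B29DF3CC04AC709
Uniqueness Score: -1.00%
"""
# Constructed second report (not from any real analysis): same two functions,
# with the send routine's opcode hash swapped for a placeholder.
REPORT_B = REPORT_A.replace(
    "697e69644b1815f3942b3fb9bf09f415a890aee37284e2fdcba42f4eac988570", "0" * 64)

FIELDS = ("Source File", "Snapshot File", "API ID", "String ID", "API String ID",
          "Opcode ID", "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash")
FIELD_RE = re.compile(r"^•\s*(%s):\s?(.*)$" % "|".join(re.escape(f) for f in FIELDS))
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
Fingerprint = Tuple[str, str, str, str]  # (snapshot, API ID, String ID, Opcode ID)


def parse_records(report: str) -> List[Dict[str, str]]:
    """One dict per function record, keyed by the field names printed on the page."""
    records: List[Dict[str, str]] = []
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":   # assumed record boundary
            current = {}
            records.append(current)
        elif current is None:
            continue
        elif line.startswith("Uniqueness Score:"):
            current["Uniqueness Score"] = line.split(":", 1)[1].strip()
        else:
            m = FIELD_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return records


def split_ids(value: str) -> List[str]:
    """Split a "$"-joined field such as "tcp$udp".  A string that itself
    contains "$" cannot be told apart from the separator: best-effort only."""
    return [part for part in value.split("$") if part]


def check_record(rec: Dict[str, str]) -> List[str]:
    """Well-formedness checks; an empty list means nothing to flag."""
    problems = []
    for key in ("Opcode ID", "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"):
        if key not in rec:
            problems.append("missing " + key)
        elif not HEX_RE.match(rec[key]):
            problems.append(key + " is not hex")
    # Every record on the page repeats the Opcode ID as the Opcode Fuzzy Hash;
    # one where they differ deserves a manual look.
    if rec.get("Opcode ID") != rec.get("Opcode Fuzzy Hash"):
        problems.append("Opcode ID != Opcode Fuzzy Hash")
    return problems


def fingerprint(rec: Dict[str, str]) -> Fingerprint:
    return (rec.get("Snapshot File", ""), rec.get("API ID", ""),
            rec.get("String ID", ""), rec.get("Opcode ID", ""))


def diff_reports(report_a: str, report_b: str) -> Tuple[Set[Fingerprint], Set[Fingerprint]]:
    """Fingerprints present in only one report: (only_in_a, only_in_b)."""
    a = {fingerprint(r) for r in parse_records(report_a)}
    b = {fingerprint(r) for r in parse_records(report_b)}
    return a - b, b - a


def functions_using(report: str, api_fragment: str) -> List[Dict[str, str]]:
    """Records whose API ID mentions api_fragment.  The API ID is an abbreviated
    concatenation (e.g. "ErrorLasthtonssend"), so match by substring."""
    return [r for r in parse_records(report) if api_fragment in r.get("API ID", "")]


if __name__ == "__main__":
    for rec in parse_records(REPORT_A):
        print(rec["Opcode ID"][:16], rec["API ID"], split_ids(rec["String ID"]),
              check_record(rec) or "ok")
    only_a, only_b = diff_reports(REPORT_A, REPORT_B)
    print("differs:", sorted(f[1] for f in only_a | only_b))
```

Feed it the text of two reports' function sections and the diff lists the functions whose API/string set or opcode hash changed; a clean build of the same curl version should leave only the differences explained by build options. Because the API ID is an abbreviated concatenation rather than a list, queries like functions_using(report, "send") are substring matches and will also hit "sendto".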

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: __shl_12$__shr_12
• String ID: ?
• API String ID: 4261834660-1684325040
• Opcode ID: 3c504777e8cb1e4de4f2ce0b06a871166aaea242c25905cd9b7a67eed60350ab
                                                                                                                                                • Instruction ID: 8cce6b5220a39b4082be0018fdc87cccbb00e4a59383101acd819b94e24a9200
                                                                                                                                                • Opcode Fuzzy Hash: 3c504777e8cb1e4de4f2ce0b06a871166aaea242c25905cd9b7a67eed60350ab
                                                                                                                                                • Instruction Fuzzy Hash: 44A123222187C086D722CF29E2443AEBBA0F352709F44D11AEBDD47B95DB7CCA15D71A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

APIs
• GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000001C,0046D85D,?,0046E672), ref: 00471591
• GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000001C,0046D85D), ref: 004715A7
• MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000001C,0046D85D,?,0046E672), ref: 0047161F
• MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000001C,0046D85D,?,0046E672), ref: 004716CB
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000001C,0046D85D,?,0046E672), ref: 00471709
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ByteCharMultiWide$Info
• String ID:
• API String ID: 1775632426-0
• Opcode ID: 09360d08271dff065c2f5943c73fc518a284fa12060ce497d80e602dfc084a12
• Instruction ID: 86a2bd8747426a93564261b7f749e599d7728c1c16276693e00f32644a7f1253
• Opcode Fuzzy Hash: 09360d08271dff065c2f5943c73fc518a284fa12060ce497d80e602dfc084a12
• Instruction Fuzzy Hash: DA816F72200BC08AD724CF2AE8407DA77A9F784BD8F14861AEA5E4BF68DF38C555C744
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastsend
• String ID: SENT$Sending data failed (%d)
• API String ID: 1802528911-3459338696
• Opcode ID: 859feea9dea4765fd798de4610a0b27da7faa6bfa08ac63a33134810979a2e0b
• Instruction ID: fe25705ac8abae98a1d5a9225ea9a5e05b68a2ba29e29d5073189ed7895aedbb
• Opcode Fuzzy Hash: 859feea9dea4765fd798de4610a0b27da7faa6bfa08ac63a33134810979a2e0b
• Instruction Fuzzy Hash: 4A51A076604B91C6DB24DF26E04475EB760F389B9CF45522AEE8A47B58DB7CC409CB08
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastsend
• String ID: SENT$Sending data failed (%d)
• API String ID: 1802528911-3459338696
• Opcode ID: b43e6837468b5a26aa943aa02dc6ce80ec8c2266cb8383af3961105ece6a759d
• Instruction ID: 616bacd154e1fe8757c987cbcbedc1aaf687be650056c326c65a8e6ac70820da
• Opcode Fuzzy Hash: b43e6837468b5a26aa943aa02dc6ce80ec8c2266cb8383af3961105ece6a759d
• Instruction Fuzzy Hash: B6417F36608AC1C2D7218B5AE04575ABB20F389BDCF985117DF8817BA9CBBDC149CB09
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetStringTypeW.KERNEL32(?,0046E672), ref: 0046D690
• GetLastError.KERNEL32(?,0046E672), ref: 0046D6AD
• MultiByteToWideChar.KERNEL32(?,0046E672), ref: 0046D731
• MultiByteToWideChar.KERNEL32(?,0046E672), ref: 0046D7D4
• GetStringTypeW.KERNEL32(?,0046E672), ref: 0046D7EA
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ByteCharMultiStringTypeWide$ErrorLast
• String ID:
• API String ID: 3581945363-0
• Opcode ID: f8d7513c89f4954f792a876bcc7487f1ce2a3571adf797a6a36efe2f75971aa2
• Instruction ID: a779e4277c930c2703044a6ddf85da92475c73a9b1ce307bca9083b41b3eedf6
• Opcode Fuzzy Hash: f8d7513c89f4954f792a876bcc7487f1ce2a3571adf797a6a36efe2f75971aa2
• Instruction Fuzzy Hash: 9E61C272B10B908AD7209F25E84079A33A5F7487D8F54412AEE4D8BB58EF38C940C74A
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0046B600: SetFilePointer.KERNEL32(?,?,?,?,0046B74A,?,?,?,?,?,?,?,?,00466CD7), ref: 0046B657
  • Part of subcall function 0046B600: GetLastError.KERNEL32(?,?,?,?,0046B74A,?,?,?,?,?,?,?,?,00466CD7), ref: 0046B664
• GetProcessHeap.KERNEL32 ref: 00472B31
• HeapAlloc.KERNEL32 ref: 00472B46
• GetProcessHeap.KERNEL32 ref: 00472BC5
• HeapFree.KERNEL32 ref: 00472BD3
• SetEndOfFile.KERNEL32 ref: 00472BFA
• GetLastError.KERNEL32 ref: 00472C20
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Heap$ErrorFileLastProcess$AllocFreePointer
• String ID:
• API String ID: 1354853467-0
• Opcode ID: a4d0be4e4ab2e0bfed47f5757a89a31a4c621e5c5749b558f91e5d487a1f9d8b
• Instruction ID: 7974eeed95208896192156a5350c54b5eee653724f7ef6a1202c9e7e58e577f6
• Opcode Fuzzy Hash: a4d0be4e4ab2e0bfed47f5757a89a31a4c621e5c5749b558f91e5d487a1f9d8b
• Instruction Fuzzy Hash: 6441F431304F8086D7156F36A90035E73A1F784BE4F54831AEE1A8B7A4DFBCC9458B4A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
• GSSAPI handshake failure (empty security message), xrefs: 0045B424, 0045B528
• GSSAPI handshake failure (invalid security data), xrefs: 0045B53B
• GSSAPI handshake failure (invalid security layer), xrefs: 0045B596
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: htonl
• String ID: GSSAPI handshake failure (empty security message)$GSSAPI handshake failure (invalid security data)$GSSAPI handshake failure (invalid security layer)
• API String ID: 2009864989-242323837
• Opcode ID: 3d48c29c34324fef7321ec0b9562e92cc07974c16820ebed6d7410347468524d
• Instruction ID: 90a03074b0a19fa710a09addec620546fe22cbfd913bb01613f97fce98b201dd
• Opcode Fuzzy Hash: 3d48c29c34324fef7321ec0b9562e92cc07974c16820ebed6d7410347468524d
• Instruction Fuzzy Hash: 95B13D76609B80C6EB60DF26E44479AB3A0F788B95F548126EF8E43B59DF3CC449CB44
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00460840: GetSystemTimeAsFileTime.KERNEL32(?,?,?,00474182,?,?,?,?,?,?,?,?,?,?,0047433F), ref: 0046084E
• WSAGetLastError.WS2_32 ref: 0043BE7F
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Time$ErrorFileLastSystem
• String ID: %s$Internal state machine error$TFTP finished$TFTP response timeout
• API String ID: 2781989572-1506147383
• Opcode ID: 24dc23132c6d2af774ace7b0ce51a1afc85b97d22226539bfa1da08fc974088f
• Instruction ID: cdc5666a050d5ef8acc6ffea8a57c74da37316331191ee29bef748a280d09391
• Opcode Fuzzy Hash: 24dc23132c6d2af774ace7b0ce51a1afc85b97d22226539bfa1da08fc974088f
• Instruction Fuzzy Hash: 54518176304B4586DB20DF3AE84139A77A0F788B98F645117DF5987759EB3CC801C789
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLast
• String ID: %d.%d.%d.%d$%lx
• API String ID: 1452528299-1067823383
• Opcode ID: 8776bab029c8185ed7934378a58108ef1119390bf53a4e39980b003ebaf7ea57
• Instruction ID: 5f78226ba4ceef8b054e815fdd4b4ae07a00fcba224aa5ca3d0ce078282118fe
• Opcode Fuzzy Hash: 8776bab029c8185ed7934378a58108ef1119390bf53a4e39980b003ebaf7ea57
• Instruction Fuzzy Hash: 5BA1D537608AC486D720CB69E4407AEB7A1F389794F245217DFA983FA8DB3DC445CB44
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SystemTimeToFileTime.KERNEL32 ref: 004741F8
• LocalFileTimeToFileTime.KERNEL32 ref: 00474210
• SystemTimeToFileTime.KERNEL32 ref: 00474284
• LocalFileTimeToFileTime.KERNEL32 ref: 00474298
• SetFileTime.KERNEL32 ref: 004742B8
  • Part of subcall function 00460840: GetSystemTimeAsFileTime.KERNEL32(?,?,?,00474182,?,?,?,?,?,?,?,?,?,?,0047433F), ref: 0046084E
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Time$File$System$Local
• String ID:
• API String ID: 2859370177-0
• Opcode ID: a59d0c09171c45b1f9cd0a72ea3d29b75efa3aa651d7f981239e9adfb65a9a65
• Instruction ID: 5eeade30b6888b6effb62f3f38a2e08e6c2ad8dbd250e471f2c2672e109b68fb
• Opcode Fuzzy Hash: a59d0c09171c45b1f9cd0a72ea3d29b75efa3aa651d7f981239e9adfb65a9a65
• Instruction Fuzzy Hash: 8541502661868186DB109F61E48037F73B0FB88B85F545016FB8D877A8FB7CC855CB18
Uniqueness
• Uniqueness Score: -1.00%

APIs
• EnterCriticalSection.KERNEL32 ref: 0041A029
• LeaveCriticalSection.KERNEL32 ref: 0041A036
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Could not resolve %s: %s$host$proxy
• API String ID: 3168844106-2205167006
• Opcode ID: e3544a08843e38cb87c47b9615515de5a751f6c9a910248825d1854edbeee384
• Instruction ID: c032e7585d99521cdaf7c81febae2df9f7eae9c98a757e724767c5996a6abf38
• Opcode Fuzzy Hash: e3544a08843e38cb87c47b9615515de5a751f6c9a910248825d1854edbeee384
• Instruction Fuzzy Hash: 9C414B76609A80D7C714DF26E54079AB3B4F348B88F548027EB9E83B14DB3CE8A5CB05
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9024fe93c81c83f7142b83ed0be11f5713054db8f77f5f8989237988172bdb4f
• Instruction ID: a40e1e8f0835562326f9f5eb7bfb04983b0ae703f92cda706f97408f472a6256
• Opcode Fuzzy Hash: 9024fe93c81c83f7142b83ed0be11f5713054db8f77f5f8989237988172bdb4f
• Instruction Fuzzy Hash: D0214DA1708A9182EB20CF25E8407B66360E7C4779F448356EBBD467E4DB6CC989CF49
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetSystemTimeAsFileTime.KERNEL32 ref: 00414A02
• GetCurrentProcessId.KERNEL32 ref: 00414A0D
• GetCurrentThreadId.KERNEL32 ref: 00414A19
• GetTickCount.KERNEL32 ref: 00414A25
• QueryPerformanceCounter.KERNEL32 ref: 00414A36
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: aa0d563a173986655b064f9f203aee48e98d2f42f87126848ff1f0f9f1087077
• Instruction ID: 64b63b0cd7bda0d8bc39ef1bc922ad2d6f90863ea8d934560a677f495f72155a
• Opcode Fuzzy Hash: aa0d563a173986655b064f9f203aee48e98d2f42f87126848ff1f0f9f1087077
• Instruction Fuzzy Hash: C7012DB5216F4082EA40DF26F940346B3A5FB89BD5F996611DF9E177A4CF3CC8948B04
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32 ref: 00467F2E
• FlsGetValue.KERNEL32 ref: 00467F3C
• SetLastError.KERNEL32 ref: 00467F99
  • Part of subcall function 00465F30: Sleep.KERNEL32(?,?,?,?,00468298), ref: 00465F75
• FlsSetValue.KERNEL32 ref: 00467F68
• GetCurrentThreadId.KERNEL32 ref: 00467F87
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastValue$CurrentSleepThread
• String ID:
• API String ID: 1883287227-0
• Opcode ID: 9b3f4db3ee8057387a06aa22c1e11c535bb0ae4bb75d3a64d4bb9bfd34866640
• Instruction ID: aa616edc40467d0078227de07b96f69ffe311a83c68da479046e6665ed51b80d
• Opcode Fuzzy Hash: 9b3f4db3ee8057387a06aa22c1e11c535bb0ae4bb75d3a64d4bb9bfd34866640
• Instruction Fuzzy Hash: 3A015AB1206B408AEB489F21F884B59B3B1F749B68F98422DCB5D4B395EF3CC405CB19
Uniqueness
• Uniqueness Score: -1.00%

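Two kinds of record above are compiler runtime code rather than behaviour of the sample: the function that calls GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount and QueryPerformanceCounter in sequence is the MSVC CRT routine that seeds the /GS stack cookie, and the GetLastError/FlsGetValue/FlsSetValue/SetLastError functions are the CRT's per-thread data lookup. The snapshot name (hcaresult_11_2_400000_curl_x64.jbxd) and strings such as "TFTP response timeout" and "Could not resolve %s: %s" show that the dumped process is a curl build, so most records in this listing are curl's own code. The script below is an added example, not part of the Joe Sandbox report and not curl code: it parses records in this format and labels the runtime-library ones so an analyst can skip straight to the rest. The pattern table and the sample records (copied from entries above and trimmed to the fields the parser reads) are this example's own assumptions.

```python
# Parse Joe Sandbox function records like the blocks above and flag the ones
# whose API set matches well-known MSVC runtime code, so triage can skip them.
# Added example: not Joe Sandbox's or curl's code.
import re
from dataclasses import dataclass, field

# Constructed sample: three records copied from the report above, trimmed.
SAMPLE_REPORT = """\
APIs
• GetSystemTimeAsFileTime.KERNEL32 ref: 00414A02
• GetCurrentProcessId.KERNEL32 ref: 00414A0D
• GetCurrentThreadId.KERNEL32 ref: 00414A19
• GetTickCount.KERNEL32 ref: 00414A25
• QueryPerformanceCounter.KERNEL32 ref: 00414A36
• API String ID: 1445889803-0
• Opcode ID: aa0d563a173986655b064f9f203aee48e98d2f42f87126848ff1f0f9f1087077
Uniqueness Score: -1.00%
APIs
  • Part of subcall function 00460840: GetSystemTimeAsFileTime.KERNEL32(?,?,?,00474182), ref: 0046084E
• WSAGetLastError.WS2_32 ref: 0043BE7F
• String ID: %s$Internal state machine error$TFTP finished$TFTP response timeout
• API String ID: 2781989572-1506147383
• Opcode ID: 24dc23132c6d2af774ace7b0ce51a1afc85b97d22226539bfa1da08fc974088f
Uniqueness Score: -1.00%
APIs
• GetLastError.KERNEL32 ref: 00467F2E
• FlsGetValue.KERNEL32 ref: 00467F3C
• SetLastError.KERNEL32 ref: 00467F99
  • Part of subcall function 00465F30: Sleep.KERNEL32(?,?,?,?,00468298), ref: 00465F75
• FlsSetValue.KERNEL32 ref: 00467F68
• GetCurrentThreadId.KERNEL32 ref: 00467F87
• API String ID: 1883287227-0
• Opcode ID: 9b3f4db3ee8057387a06aa22c1e11c535bb0ae4bb75d3a64d4bb9bfd34866640
Uniqueness Score: -1.00%
"""

# Assumption: these API sets identify MSVC CRT internals (the /GS cookie
# seeding routine and the FLS-backed per-thread data lookup). They are this
# example's own heuristics, not Joe Sandbox classifications.
KNOWN_RUNTIME_PATTERNS = {
    "MSVC CRT security cookie init (/GS)": {
        "GetSystemTimeAsFileTime", "GetCurrentProcessId", "GetCurrentThreadId",
        "GetTickCount", "QueryPerformanceCounter"},
    "MSVC CRT per-thread data lookup (FLS)": {
        "GetLastError", "FlsGetValue", "FlsSetValue", "SetLastError"},
}

# "• Name.MODULE ref: ADDR" or "• Name.MODULE(args), ref: ADDR", optionally
# prefixed by the report's "Part of subcall function XXXX:" marker.
API_RE = re.compile(
    r"^•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\([^)]*\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
FIELD_RE = re.compile(r"^•\s*(API String ID|Opcode ID|String ID):\s*(.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    ref: int
    from_subcall: bool  # reached through a callee, not this function's own call

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    api_string_id: str = ""
    opcode_id: str = ""

def parse_records(text):
    """One record per 'Uniqueness Score' terminator; other lines are ignored."""
    records = []
    for chunk in re.split(r"^Uniqueness Score:.*$", text, flags=re.M):
        rec = FunctionRecord()
        for line in (raw.strip() for raw in chunk.splitlines()):
            if m := API_RE.match(line):
                rec.apis.append(ApiCall(m["name"], m["module"],
                                        int(m["ref"], 16), m["sub"] is not None))
            elif m := FIELD_RE.match(line):
                key, value = m.groups()
                if key == "String ID":
                    # The report joins strings with '$'; a string containing a
                    # literal '$' would be split too, so this list is approximate.
                    rec.strings = [s for s in value.split("$") if s]
                elif key == "API String ID":
                    rec.api_string_id = value
                else:
                    rec.opcode_id = value
        if rec.apis or rec.opcode_id:
            records.append(rec)
    return records

def classify(rec):
    """Label a record whose own (non-subcall) calls cover a known runtime
    pattern; None means it looks like program logic worth reading."""
    direct = {c.name for c in rec.apis if not c.from_subcall}
    return next((label for label, needed in KNOWN_RUNTIME_PATTERNS.items()
                 if needed <= direct), None)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_REPORT):
        print(rec.opcode_id[:12], classify(rec) or ("program logic", rec.strings))
```

Calls reported as "Part of subcall function" are excluded from the match on purpose: they belong to a callee, and counting them would let a wrapper around the cookie initializer or a thread-data lookup be mislabelled as runtime code. The pattern table matches on subsets, so a function that makes these calls plus others is still flagged; tighten it to equality if that produces false positives on a given binary.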
APIs
• GetLastError.KERNEL32(?,?,?,?,00461329), ref: 00467E8E
• FlsGetValue.KERNEL32(?,?,?,?,00461329), ref: 00467E9C
• SetLastError.KERNEL32(?,?,?,?,00461329), ref: 00467EF9
  • Part of subcall function 00465F30: Sleep.KERNEL32(?,?,?,?,00468298), ref: 00465F75
• FlsSetValue.KERNEL32(?,?,?,?,00461329), ref: 00467EC8
• GetCurrentThreadId.KERNEL32 ref: 00467EE7
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastValue$CurrentSleepThread
• String ID:
• API String ID: 1883287227-0
• Opcode ID: 61e4f1dfc9f98fb06d09cfc52d082657e2c0e0d3040cd91f869d2f77336a5192
                                                                                                                                                • Instruction ID: 35d5cda5953268759b41fd9dffb6c4a2bcf6a44d8f1366d04e021acd318405a3
                                                                                                                                                • Opcode Fuzzy Hash: 61e4f1dfc9f98fb06d09cfc52d082657e2c0e0d3040cd91f869d2f77336a5192
                                                                                                                                                • Instruction Fuzzy Hash: 7F0178B5206B8086EB449F21F84871973B1F74DB68F988229CB5D47794EF3DC809CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • FTP response aborted due to select/poll error: %d, xrefs: 00442992
                                                                                                                                                • We got a 421 - timeout!, xrefs: 00442948
                                                                                                                                                • FTP response timeout, xrefs: 0044296D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                • String ID: FTP response aborted due to select/poll error: %d$FTP response timeout$We got a 421 - timeout!
                                                                                                                                                • API String ID: 1452528299-2064316097
                                                                                                                                                • Opcode ID: 84efcd3648ba2f38d3fee84cd4bac6d18fcef91d6e18cba5fa564c50173e2748
                                                                                                                                                • Instruction ID: 5997d719b56003f1c1952bcc5c5f5a5579c38d3fbdda177bad9a4a6fb19b56e2
                                                                                                                                                • Opcode Fuzzy Hash: 84efcd3648ba2f38d3fee84cd4bac6d18fcef91d6e18cba5fa564c50173e2748
                                                                                                                                                • Instruction Fuzzy Hash: 1E41CCB2304B84C2EB60AF16E54475E77A4F388B88F95421AEBAC87754EF7CC545CB08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastsend
                                                                                                                                                • String ID: SENT$Sending data failed (%d)
                                                                                                                                                • API String ID: 1802528911-3459338696
                                                                                                                                                • Opcode ID: 350b657650f9c6072c077b41af443fc5920654c5e25e2c485b43b4dfcb2bbf40
                                                                                                                                                • Instruction ID: 469b24c5e25208bb679edb05f899ec565374f72b99e66999244a3b5c18fe576c
                                                                                                                                                • Opcode Fuzzy Hash: 350b657650f9c6072c077b41af443fc5920654c5e25e2c485b43b4dfcb2bbf40
                                                                                                                                                • Instruction Fuzzy Hash: B1418832604B558AD7289F1AE04076A7760F349BCCF64612EDB8607B58CF7DC449C70C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastsend
                                                                                                                                                • String ID: SENT$Sending data failed (%d)
                                                                                                                                                • API String ID: 1802528911-3459338696
                                                                                                                                                • Opcode ID: f6d46c0daf6dfedebf3b8389d98ef29530903bdaec32fc7e705c429fd2ffb1cc
                                                                                                                                                • Instruction ID: 0e6c0e25550d42c95f1992b0b8b97c782008a73c6add35993c68b5ff470d1feb
                                                                                                                                                • Opcode Fuzzy Hash: f6d46c0daf6dfedebf3b8389d98ef29530903bdaec32fc7e705c429fd2ffb1cc
                                                                                                                                                • Instruction Fuzzy Hash: 3E318231708A8186C760CB5AE44575ABBA0F39CB9CF9C5117DB8C83BA9DB78C059CB05
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastsend
                                                                                                                                                • String ID: SENT$Sending data failed (%d)
                                                                                                                                                • API String ID: 1802528911-3459338696
                                                                                                                                                • Opcode ID: 32ada3caa304901e56586e658b5d22e2ec7bbdf1375ea9733ba550688b140f5c
                                                                                                                                                • Instruction ID: e834e04a65bf6d5002dc9e1c61c1c810a1d8c8d4c935f1abca4dd83e5a802d25
                                                                                                                                                • Opcode Fuzzy Hash: 32ada3caa304901e56586e658b5d22e2ec7bbdf1375ea9733ba550688b140f5c
                                                                                                                                                • Instruction Fuzzy Hash: EA318171704A8196C760CB5AE54535ABBA0F388BDCF9C501BDB8C83BA5DB7CC055CB05
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • getsockname.WS2_32 ref: 00440632
                                                                                                                                                • accept.WS2_32 ref: 00440651
                                                                                                                                                  • Part of subcall function 00402BD0: ioctlsocket.WS2_32 ref: 00402BE9
                                                                                                                                                  • Part of subcall function 0042B2D0: closesocket.WS2_32 ref: 0042B314
                                                                                                                                                Strings
                                                                                                                                                • Error accept()ing server connect, xrefs: 0044066B
                                                                                                                                                • Connection accepted from server, xrefs: 00440682
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: acceptclosesocketgetsocknameioctlsocket
                                                                                                                                                • String ID: Connection accepted from server$Error accept()ing server connect
                                                                                                                                                • API String ID: 3983744323-2331703088
                                                                                                                                                • Opcode ID: 9708775ad45a4ba31113d1dbe741a9ad9185ac66eb5e70fec7d205372692ea85
                                                                                                                                                • Instruction ID: c44b8ef11c9982b1734d766bc296280bc5c3872798ecf21dec56fd83cb52e015
                                                                                                                                                • Opcode Fuzzy Hash: 9708775ad45a4ba31113d1dbe741a9ad9185ac66eb5e70fec7d205372692ea85
                                                                                                                                                • Instruction Fuzzy Hash: 17314672204B8185EB609F26E44439A73A1F384BA8F884326DFB91B7C8DF7CD1558B08
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • P4`, xrefs: 0046E69B
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\curl_x64.exe, xrefs: 0046E67C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileModuleName__initmbctable
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\curl_x64.exe$P4`
                                                                                                                                                • API String ID: 3548084100-732295884
                                                                                                                                                • Opcode ID: 344f83f92b1edafc3bee0bd9ec4f241a9b558417162138d8acdee91d38440db8
                                                                                                                                                • Instruction ID: 242759173f846251f0dd7c19637c8d771a4983b6d141dc13a029053b2071b264
                                                                                                                                                • Opcode Fuzzy Hash: 344f83f92b1edafc3bee0bd9ec4f241a9b558417162138d8acdee91d38440db8
                                                                                                                                                • Instruction Fuzzy Hash: 20217CB6619B8486EB50CB52F90074AB3A5F798BD4F88101AEB8C43B28EF7CD515CB05
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastsend
• String ID: SENT$Sending data failed (%d)
• API String ID: 1802528911-3459338696
• Opcode ID: 4250c9cc6a7183655597588751e4ad932abe494ce0bd8d118d6d95a47f0c168e
• Instruction ID: 028de8509ba021263694fbf266b78a9c5014062781626720249d1174a3d2c501
• Opcode Fuzzy Hash: 4250c9cc6a7183655597588751e4ad932abe494ce0bd8d118d6d95a47f0c168e
• Instruction Fuzzy Hash: 4301883A304B91C2DB109B2AE84434C7B60F798FD8F985016DF4847B29CF78C515C784
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: cb97ab194d5ca4244d8fde3ac1e531da64cb22c24211d5144fadab3c7de44cd0
• Instruction ID: c12f5912bf0d06dcbedda41168adca35e45cc359a9082cbbc0b37847a672f495
• Opcode Fuzzy Hash: cb97ab194d5ca4244d8fde3ac1e531da64cb22c24211d5144fadab3c7de44cd0
• Instruction Fuzzy Hash: 2E61B262F197C485DB218F29D40432A7B90F341F94F5A420BDBAA4B798EB7CC442C71B
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00470DD0: VirtualQuery.KERNEL32 ref: 00470E34
  • Part of subcall function 00470DD0: GetSystemInfo.KERNEL32 ref: 00470E4B
  • Part of subcall function 00470DD0: GetModuleHandleA.KERNEL32 ref: 00470E68
  • Part of subcall function 00470DD0: GetProcAddress.KERNEL32 ref: 00470E7D
  • Part of subcall function 00470DD0: VirtualAlloc.KERNEL32 ref: 00470F07
  • Part of subcall function 00470DD0: VirtualProtect.KERNEL32 ref: 00470F1F
• MultiByteToWideChar.KERNEL32 ref: 004724B5
• MultiByteToWideChar.KERNEL32 ref: 004724DE
• MultiByteToWideChar.KERNEL32 ref: 00472575
• CompareStringW.KERNEL32 ref: 0047259A
  • Part of subcall function 00465EC0: Sleep.KERNEL32(?,?,?,?,00465BEC), ref: 00465EF4
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ByteCharMultiVirtualWide$AddressAllocCompareHandleInfoModuleProcProtectQuerySleepStringSystem
• String ID:
• API String ID: 3514146622-0
• Opcode ID: 42ef7eca819690bb9cad437eafaba516bb5f9e2a490da9b76ddda3fe7ef63a5b
• Instruction ID: 23ef9a0ba48b03e242b1f48699d8b37f379612d08e53dbb40751991f2476e770
• Opcode Fuzzy Hash: 42ef7eca819690bb9cad437eafaba516bb5f9e2a490da9b76ddda3fe7ef63a5b
• Instruction Fuzzy Hash: 4D416D72700B80DAC7349F22A9507DA37A4F748BDCF48822AEE4D5BB59DF78C6458744
Uniqueness
Uniqueness Score: -1.00%

APIs
• EnterCriticalSection.KERNEL32 ref: 00419BBC
• LeaveCriticalSection.KERNEL32 ref: 00419BD0
• CloseHandle.KERNEL32 ref: 00419BDD
• DeleteCriticalSection.KERNEL32 ref: 00419BFB
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: CriticalSection$CloseDeleteEnterHandleLeave
• String ID:
• API String ID: 3102160386-0
• Opcode ID: 36998f053fef2878b95a4db046f7a5c2e6c626137e64ad0f6ba65211079cde75
• Instruction ID: ca1494d3950c2d487435cc66b6d07acd15eba4f4472cfa60c1aed08168f5ecf0
• Opcode Fuzzy Hash: 36998f053fef2878b95a4db046f7a5c2e6c626137e64ad0f6ba65211079cde75
• Instruction Fuzzy Hash: 5221C77A715B4097DB64DF22E6A035D7370FB98B80F544016DB8E43B14DF38D8A58754
Uniqueness
Uniqueness Score: -1.00%

APIs
• recv.WS2_32 ref: 0042774B
• WSAGetLastError.WS2_32 ref: 00427765
  • Part of subcall function 004183D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0041A288), ref: 004183E8
  • Part of subcall function 004183D0: GetLastError.KERNEL32 ref: 004184C7
  • Part of subcall function 004183D0: SetLastError.KERNEL32 ref: 004184D3
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLast$recv
• String ID: Recv failure: %s
• API String ID: 316788870-4276829032
• Opcode ID: c198d3435b99d2017725be1e7bd95a8e2d0832eb892d6528f643d0f4b7e6f9f0
• Instruction ID: 7be0a7be7bd051beeba9f08869fb1d4762976bce563d485e117a6509ba114256
• Opcode Fuzzy Hash: c198d3435b99d2017725be1e7bd95a8e2d0832eb892d6528f643d0f4b7e6f9f0
• Instruction Fuzzy Hash: 2431AC3A705B9482D6109F16F58439D73A4F388FE0F98422ADF596BB68CF38D462C708
Uniqueness
Uniqueness Score: -1.00%

APIs
• getsockopt.WS2_32 ref: 0042B16F
• setsockopt.WS2_32 ref: 0042B19E
  • Part of subcall function 0042C180: GetVersionExA.KERNEL32 ref: 0042C1E0
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: Versiongetsockoptsetsockopt
• String ID: @
• API String ID: 1450965354-2726393805
• Opcode ID: f5a7ed7607c8132870a4aa83c5d5a709af634b698b2b3268c1fa27755d0fbc47
• Instruction ID: cedb9d865edae910f4b1c61e30d0dfdb827b7bfa930a48459eab0ce9b7174c53
• Opcode Fuzzy Hash: f5a7ed7607c8132870a4aa83c5d5a709af634b698b2b3268c1fa27755d0fbc47
• Instruction Fuzzy Hash: 8011CEB230828187F720CF14F80476ABBA0FB84388F984125EB8847B94D7BDC599CF08
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00427A30: recv.WS2_32 ref: 00427B2F
• send.WS2_32 ref: 00427BAD
• WSAGetLastError.WS2_32 ref: 00427BC7
Strings
Memory Dump Source
• Source File: 0000000B.00000002.231918231.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.231910763.0000000000400000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232023273.0000000000475000.00000002.00020000.sdmp
• Associated: 0000000B.00000002.232084420.00000000004C6000.00000004.00020000.sdmp
• Associated: 0000000B.00000002.232106855.00000000004CA000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_curl_x64.jbxd
Similarity
• API ID: ErrorLastrecvsend
• String ID: Send failure: %s
• API String ID: 3418755260-857917747
• Opcode ID: 8a9673482afe3db93b43ea18fe8588586988656795e946eb73f70219d8e13c41
• Instruction ID: c898370c723723f30508dd55fb73234d497370ff65789fcf95facadd84de6326
• Opcode Fuzzy Hash: 8a9673482afe3db93b43ea18fe8588586988656795e946eb73f70219d8e13c41
• Instruction Fuzzy Hash: 12115171718B91C6C7509F26B94034AA761F759BE4FA80226EF9E47B98DB7CC4418704
Uniqueness
Uniqueness Score: -1.00%

Callgraph


Executed Functions

Control-flow Graph

Control-flow graph for 7ff7a745286c (entry block 7ff7a745286c-7ff7a74528d8; interactive rendering omitted). API calls visible in the graph: SetupDiGetDeviceInstallParamsW, SetupDiSetDeviceInstallParamsW, SetupDiBuildDriverInfoList, SetupDiEnumDriverInfoW, SetupDiOpenDevRegKey, RegQueryValueExW, RegCloseKey, SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDriverInfoList, SetupDiGetDriverInfoDetailW, GetLastError.
APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$DeviceQueryValue$DriverInfoInstallParams$BuildList$CloseEnumOpenPropertyRegistry
• String ID: DriverDesc$InfPath$InfSection$ProviderName
• API String ID: 1187922586-109328823
• Opcode ID: 2807d56651047efa3482015aea118a6355b1fd54d7907657358463e624218efe
• Instruction ID: 276fa0418bacce983faaffe922fb80dac99079f6ae0b761d638b969d58d033b2
• Opcode Fuzzy Hash: 2807d56651047efa3482015aea118a6355b1fd54d7907657358463e624218efe
• Instruction Fuzzy Hash: CBB18772B09B4286EB749F11A8446BAB3A4FB84B85FC14136DE4D43A78DF3CDA05C754
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph for 7ff7a7451970 (entry block 7ff7a7451970-7ff7a7451a0d; interactive rendering omitted). API calls visible in the graph: SetupDiClassGuidsFromNameExW, GetLastError, SetupDiGetClassDevsExW, SetupDiCreateDeviceInfoListExW, CharNextW, wcschr, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInfoListDetailW, SetupDiEnumDeviceInfo, SetupDiOpenDeviceInfoW, CM_Get_Device_ID_ExW.
APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$DeviceInfo$List$CharClassEnumNext$CreateDestroyDetailDevice_DevsErrorFromGet_GuidsLastNameOpenmallocwcschr
• String ID:
• API String ID: 43639810-0
• Opcode ID: 89f27aaf0f823c13d3424bd83824de243595a0339a55a0fa3d661b8a36788e4b
• Instruction ID: 18f231df29b6853d103d7d57cb6a07a2f99a69b3afe61d98db441c401b55b992
• Opcode Fuzzy Hash: 89f27aaf0f823c13d3424bd83824de243595a0339a55a0fa3d661b8a36788e4b
• Instruction Fuzzy Hash: 7CE19332B0AA4286EB209F15E4406BEB7A4FB45B98FD24135DE4E47BA4DF3CD946C710
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph for 7ff7a7456cb0 (single block 7ff7a7456cb0-7ff7a7456cc7; interactive rendering omitted). API call visible in the graph: SetUnhandledExceptionFilter.
APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 5ebaec917797f88d02dffa84fcdc6cd0efd3092181cc90a82e3a7c50803cd070
• Instruction ID: 18f9b97fbc62e4c8d3092e10f074083a08788db83ef2544d4d3aaa291a7c06e8
• Opcode Fuzzy Hash: 5ebaec917797f88d02dffa84fcdc6cd0efd3092181cc90a82e3a7c50803cd070
• Instruction Fuzzy Hash: F0B09210F26802C1E604BF219C9506452A0BB58700FC20431C40D80130EE2C999B8711
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$Driver$DeviceFileInfoInstallParamsQueue$ListScanmemset$BuildCallCharClassCloseDestroyDetailEnumErrorFormatFreeInstallerLastLocalMessageOpenPrevSelectedfputsfputws
• String ID:
• API String ID: 2781244042-0
• Opcode ID: 253b2cddc8f9d1938ef382ad6dc5530c7879cc85a48f7d341777d53daa8e34c3
• Instruction ID: 6108e0f0955d4af2aec134407dae522935e32d556e9cf56530ab05675473429a
• Opcode Fuzzy Hash: 253b2cddc8f9d1938ef382ad6dc5530c7879cc85a48f7d341777d53daa8e34c3
• Instruction Fuzzy Hash: 0761942270A68286E760EF21D8502AEB3A5FB84B94FC50636DD1E47BA5CF3CD906C754
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
• String ID:
• API String ID: 4291973834-0
• Opcode ID: b4ab8591321b2fc8539f0d3258a043a7e7af45e6699f1fcfe4db934f454d5aa1
• Instruction ID: e0249e7718700a1de40e9acaa41015a9b2fcbfd115bdf8381ced2067753cbe4d
• Opcode Fuzzy Hash: b4ab8591321b2fc8539f0d3258a043a7e7af45e6699f1fcfe4db934f454d5aa1
• Instruction Fuzzy Hash: 8641F331A0A64686F750BF15E864239A2A4BF45B84FC60539ED4D876B0EF3CEC43C762
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 225 7ff7a7451ed8-7ff7a7451f1a wcsrchr 226 7ff7a7451f1c-7ff7a7451f1f 225->226 227 7ff7a7451f21-7ff7a7451f2a CharNextW 225->227 228 7ff7a7451f2d-7ff7a7451f36 226->228 227->228 229 7ff7a7451fac-7ff7a7451fb3 228->229 230 7ff7a7451f38-7ff7a7451f3c 228->230 231 7ff7a7452014-7ff7a745202e call 7ff7a7456f98 call 7ff7a7451084 229->231 232 7ff7a7451fb5-7ff7a7451fc7 229->232 233 7ff7a7451f40-7ff7a7451f4e 230->233 256 7ff7a7452033-7ff7a745204a 231->256 235 7ff7a7451fc9-7ff7a7451fd2 CharNextW 232->235 236 7ff7a7451fd5-7ff7a7451fe1 232->236 237 7ff7a7451fa8 233->237 238 7ff7a7451f50-7ff7a7451f5b 233->238 235->236 236->231 240 7ff7a7451fe3 236->240 237->229 241 7ff7a7451f5d-7ff7a7451f64 238->241 242 7ff7a7451f87-7ff7a7451f8c 238->242 247 7ff7a7451fea-7ff7a7451ff8 _wcsicmp 240->247 243 7ff7a7451f7b-7ff7a7451f80 241->243 244 7ff7a7451f66-7ff7a7451f6e 241->244 242->237 246 7ff7a7451f8e-7ff7a7451f96 242->246 243->237 251 7ff7a7451f82-7ff7a7451f85 243->251 244->237 250 7ff7a7451f70-7ff7a7451f75 244->250 246->237 253 7ff7a7451f98 246->253 248 7ff7a745204b-7ff7a745207d call 7ff7a7454710 247->248 249 7ff7a7451ffa-7ff7a7452012 247->249 257 7ff7a7452083-7ff7a7452089 248->257 249->231 249->247 250->237 254 7ff7a7451f77-7ff7a7451f79 250->254 255 7ff7a7451f9d-7ff7a7451fa6 251->255 253->255 254->255 255->233 255->237 258 7ff7a745208b-7ff7a745208e 257->258 259 7ff7a74520cd-7ff7a74520cf 257->259 260 7ff7a74520c3-7ff7a74520c6 258->260 261 7ff7a7452090-7ff7a745209b 258->261 259->256 260->259 262 7ff7a74520c8 call 7ff7a7451194 260->262 263 7ff7a745209d-7ff7a74520a7 call 7ff7a7456f98 261->263 264 7ff7a74520a9-7ff7a74520ae call 7ff7a7456f98 261->264 262->259 270 7ff7a74520b3-7ff7a74520c1 call 7ff7a7451084 263->270 264->270 270->259
APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: CharNext$_wcsicmpwcsrchr
• String ID:
• API String ID: 349611830-0
• Opcode ID: 5707b521c4e7c77c14a78bd7294958d538c62ad06d35ede6c3700352360a144e
• Instruction ID: f6e0a46195d2cb7242209f591908c215051e50e5a7468681e2862b709103807b
• Opcode Fuzzy Hash: 5707b521c4e7c77c14a78bd7294958d538c62ad06d35ede6c3700352360a144e
• Instruction Fuzzy Hash: B951AC62A0A64686EA54AF55E440679B3A4FB04B88FC64036DF0E537B4EF3CED57C320
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: DeviceErrorLastPropertyRegistrySetupmalloc
• String ID:
• API String ID: 3222414921-0
• Opcode ID: 66b54f04880a69e2df15ef1fac651865b731044f75462621537e4e7538dac4ed
• Instruction ID: bc0fe1db68f040fac8915213af02ac77b8d86377e888a32fa5b17ac6a21dc56f
• Opcode Fuzzy Hash: 66b54f04880a69e2df15ef1fac651865b731044f75462621537e4e7538dac4ed
• Instruction Fuzzy Hash: 9421A72170A74143EA54EF15B4102BAA394FB89B94FC90734EE5E437A5DF3CD846C710
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: DeviceErrorLastPropertyRegistrySetupmalloc
• String ID:
• API String ID: 3222414921-0
• Opcode ID: 712fab2b1444c65af948b10dd7050d47f82d5600e510e89c8421b08d2ec1e92c
• Instruction ID: bea541c51ab146ed74b85ba459b9a3ed5a84456bd790739875313889805c51d0
• Opcode Fuzzy Hash: 712fab2b1444c65af948b10dd7050d47f82d5600e510e89c8421b08d2ec1e92c
• Instruction Fuzzy Hash: 4F21B72170A78186EA64EF15B81426EE394FB89BA4FC50235EE5E43BE5DF3CD846C710
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: lstrlen
• String ID:
• API String ID: 1659193697-0
• Opcode ID: 25d8622939fd3d378dfb894d5c14bcf06b3d632f45eafb97b642428814df23e3
• Instruction ID: 918e11ebb2a78463c20e3dc6688cfa3cae608242bf3a510fbaabbd4501a45e00
• Opcode Fuzzy Hash: 25d8622939fd3d378dfb894d5c14bcf06b3d632f45eafb97b642428814df23e3
• Instruction Fuzzy Hash: 82114F22A05B8181D615EF15E450139B3B4FB85B90B9A8235DF9E437A4DE3CE893C310
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: __wgetmainargs
• String ID:
• API String ID: 1709950718-0
• Opcode ID: 5940b59835abce81edaa81f592c787fbeee1ceda1b8c82252df102a8fff8c996
• Instruction ID: 8c43b95dd0f0f448f4c43a0927040c378d1c29dde06c48179b4c3be5706baa21
• Opcode Fuzzy Hash: 5940b59835abce81edaa81f592c787fbeee1ceda1b8c82252df102a8fff8c996
• Instruction Fuzzy Hash: 55E07D74E0A687A5E700AF10E844478B7A0BB04304FC24136DC0D56774DE3CA94BCB30
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
• Opcode ID: 65627b1ac0e2acfb5e7cd4696612a14c86a6680fd011bfbf976ab167a43bf727
• Instruction ID: bf6efe144c9385edfa03e2708da5d64f1e03f5f0ce7c874d74cc7e16e18f2db5
• Opcode Fuzzy Hash: 65627b1ac0e2acfb5e7cd4696612a14c86a6680fd011bfbf976ab167a43bf727
• Instruction Fuzzy Hash: 80D01201B1F24640FD55BB56666117982919F48FD0FD95030DE5D0B796DE2CEC924B22
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                Non-executed Functions

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 396 7ff7a7455890-7ff7a74558e7 397 7ff7a74558ed-7ff7a74558f4 396->397 398 7ff7a7455d97 396->398 397->398 399 7ff7a74558fa-7ff7a745591a SetupDiClassGuidsFromNameExW 397->399 400 7ff7a7455d9c-7ff7a7455dc3 call 7ff7a7456a70 398->400 401 7ff7a745592b-7ff7a7455930 399->401 402 7ff7a745591c-7ff7a7455925 GetLastError 399->402 404 7ff7a7455d93-7ff7a7455d95 401->404 406 7ff7a7455936-7ff7a745594c _wcsicmp 401->406 402->401 402->404 404->400 407 7ff7a745594e-7ff7a7455955 406->407 408 7ff7a7455957-7ff7a745596d _wcsicmp 406->408 409 7ff7a745597a-7ff7a74559b5 SetupDiOpenClassRegKeyExW 407->409 410 7ff7a7455973 408->410 411 7ff7a7455d6f 408->411 409->404 412 7ff7a74559bb-7ff7a74559cb call 7ff7a74516c0 409->412 410->409 413 7ff7a7455d74-7ff7a7455d77 411->413 420 7ff7a7455d43-7ff7a7455d6d call 7ff7a7456f98 call 7ff7a7451084 call 7ff7a7452f24 412->420 421 7ff7a74559d1-7ff7a74559e2 412->421 414 7ff7a7455d79-7ff7a7455d7c call 7ff7a7451560 413->414 415 7ff7a7455d81-7ff7a7455d88 413->415 414->415 415->404 419 7ff7a7455d8a-7ff7a7455d8d RegCloseKey 415->419 419->404 420->413 422 7ff7a74559fe-7ff7a7455a0e 421->422 423 7ff7a74559e4-7ff7a74559f4 call 7ff7a7451448 421->423 422->420 426 7ff7a7455a14-7ff7a7455a19 422->426 423->415 431 7ff7a74559fa 423->431 429 7ff7a7455a1c-7ff7a7455a23 426->429 432 7ff7a7455a29-7ff7a7455a33 429->432 433 7ff7a7455c6a 429->433 431->422 436 7ff7a7455a4b-7ff7a7455a4f 432->436 437 7ff7a7455a35-7ff7a7455a42 432->437 435 7ff7a7455c6f-7ff7a7455c72 433->435 435->420 439 7ff7a7455c78-7ff7a7455c7b 435->439 436->411 442 7ff7a7455a55-7ff7a7455a58 436->442 440 7ff7a7455a48 437->440 441 7ff7a7455c53-7ff7a7455c63 437->441 445 7ff7a7455d10-7ff7a7455d23 RegDeleteValueW 439->445 446 7ff7a7455c81-7ff7a7455c8d 439->446 440->436 441->435 444 7ff7a7455c65 441->444 447 7ff7a7455a5e-7ff7a7455a61 442->447 448 
7ff7a7455bc2-7ff7a7455bc8 442->448 444->429 445->413 450 7ff7a7455d25-7ff7a7455d37 call 7ff7a7456f98 call 7ff7a7451084 445->450 451 7ff7a7455ca9-7ff7a7455cbe 446->451 452 7ff7a7455c8f-7ff7a7455ca7 lstrlenW 446->452 447->448 453 7ff7a7455a67-7ff7a7455a6a 447->453 449 7ff7a7455be3-7ff7a7455be7 448->449 457 7ff7a7455be9-7ff7a7455bf0 449->457 458 7ff7a7455bca-7ff7a7455bdc _wcsicmp 449->458 474 7ff7a7455d3c-7ff7a7455d41 450->474 451->413 459 7ff7a7455cc4-7ff7a7455ce6 RegSetValueExW 451->459 452->451 452->452 454 7ff7a7455a6c-7ff7a7455a6e 453->454 455 7ff7a7455a8d-7ff7a7455a90 453->455 460 7ff7a7455a88-7ff7a7455a8b 454->460 461 7ff7a7455a70-7ff7a7455a76 454->461 455->411 465 7ff7a7455a96-7ff7a7455a98 455->465 457->413 464 7ff7a7455bf6-7ff7a7455bf9 457->464 458->457 462 7ff7a7455bde-7ff7a7455be0 458->462 459->413 466 7ff7a7455cec-7ff7a7455d0e call 7ff7a7456f98 call 7ff7a7451084 call 7ff7a7452f24 459->466 467 7ff7a7455a9c-7ff7a7455ab5 OpenSCManagerW 460->467 461->467 468 7ff7a7455a78 461->468 462->449 470 7ff7a7455bfb-7ff7a7455bff 464->470 471 7ff7a7455c01-7ff7a7455c05 464->471 465->467 466->474 467->413 477 7ff7a7455abb-7ff7a7455ad3 OpenServiceW 467->477 473 7ff7a7455a7b-7ff7a7455a84 468->473 475 7ff7a7455c45-7ff7a7455c4e 470->475 476 7ff7a7455c09-7ff7a7455c1b 471->476 473->473 479 7ff7a7455a86 473->479 474->413 475->441 476->476 480 7ff7a7455c1d-7ff7a7455c2b call 7ff7a7451448 476->480 481 7ff7a7455ade-7ff7a7455aed CloseServiceHandle 477->481 482 7ff7a7455ad5-7ff7a7455ad8 CloseServiceHandle 477->482 479->467 480->413 493 7ff7a7455c31-7ff7a7455c3c call 7ff7a7451560 480->493 481->413 485 7ff7a7455af3-7ff7a7455af9 481->485 482->481 488 7ff7a7455afb 485->488 489 7ff7a7455b09-7ff7a7455b33 call 7ff7a74566f4 485->489 494 7ff7a7455afe-7ff7a7455b07 488->494 489->413 497 7ff7a7455b39-7ff7a7455b41 489->497 501 7ff7a7455c3f-7ff7a7455c42 493->501 494->489 494->494 499 7ff7a7455b43-7ff7a7455b4c 497->499 500 7ff7a7455b60-7ff7a7455b6a 497->500 502 7ff7a7455b4f-7ff7a7455b5e 499->502 503 
7ff7a7455b6c-7ff7a7455b79 500->503 504 7ff7a7455b8e-7ff7a7455ba9 call 7ff7a7451448 call 7ff7a7456734 500->504 501->475 502->500 502->502 505 7ff7a7455b7c-7ff7a7455b8c 503->505 504->413 510 7ff7a7455baf-7ff7a7455bc0 call 7ff7a7451560 504->510 505->504 505->505 510->501
APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: CloseOpenService_wcsicmp$ClassHandleSetupValue$CharDeleteErrorFormatFreeFromGuidsLastLocalManagerMessageNamePrevfputwslstrlenwprintf
• String ID: !$+$-$=$@$@$LowerFilters$UpperFilters$lower$upper
• API String ID: 2866307409-2693469231
• Opcode ID: 475d458dde6b006f2261f451de1f305ec4973a2f126bea94a7a9c44cb4103ff1
• Instruction ID: 4e35bff19e0ce4a0c83c82e02e563b084ad0e23adb55cc2e72e96c590ce3f236
• Opcode Fuzzy Hash: 475d458dde6b006f2261f451de1f305ec4973a2f126bea94a7a9c44cb4103ff1
• Instruction Fuzzy Hash: D0D1D522A0EA4681EA54BF15D454279E3A6EF44BE0FC64231DD6E077F4DE3DED468320
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$ClassDestroyDeviceFromGuidsInfoListName
• String ID:
• API String ID: 1860465623-3916222277
• Opcode ID: 58df64179a93e669d7bc1e408b9b82836edc5f97dc6a4b939f47db1f81a18f90
• Instruction ID: 4fdb8b6b7ba622f03438816ac5fef6e52440911f4f0ed8f294e4312b6fa75203
• Opcode Fuzzy Hash: 58df64179a93e669d7bc1e408b9b82836edc5f97dc6a4b939f47db1f81a18f90
• Instruction Fuzzy Hash: ACB1C332B0A64281EB10AF65E4546B9B7A4FB44B98FD14235EE5D0BBE4DF3CD806C710
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSystemValue
• String ID: SeShutdownPrivilege
• API String ID: 2036077386-3733053543
• Opcode ID: e4a8f5eeed68fae43d3c058ab3832d3c04b5591a535e3b4deb415aa771e51b5b
• Instruction ID: 4c61a5ef0c90da7f43aa13ed97142ffcfe3819b41770f49ca6af193ffc436219
• Opcode Fuzzy Hash: e4a8f5eeed68fae43d3c058ab3832d3c04b5591a535e3b4deb415aa771e51b5b
• Instruction Fuzzy Hash: 6B113372619A42C2E750DF21F41576AB364FB85B44FC15035E98E46A64CF7CD446CB10
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: DirectoryFileFindFirstWindows
• String ID: \INF\OEM*.INF
• API String ID: 1585389207-2728984289
• Opcode ID: 9a86839f2aa0f6237b4c1bfc81412a82363a33fadf86eb67385f59b3bd64b019
• Instruction ID: 065c2e5f975df7d067f9d86728182177c6145a4f726777e18ae8ce3cd8ff2bfb
• Opcode Fuzzy Hash: 9a86839f2aa0f6237b4c1bfc81412a82363a33fadf86eb67385f59b3bd64b019
• Instruction Fuzzy Hash: A241A321B0A68281FE60BF20E1202B9A264EF84B90FD64635DE5D477E5DE2CEC078721
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$ErrorLastString$FieldFindFirstLine$AddressClassDescriptionFileFromLibraryLoadOpenProcmemset
• String ID: ClassGUID$DriverVer$Provider$SetupVerifyInfFile$Version$setupapi.dll
• API String ID: 653204746-1638047923
• Opcode ID: 69602bca725b19a060b4aa2423c0333f56ee32f9dc484792623f52d9b2101a75
• Instruction ID: 27571681c4296f1f9c49ec7386e8e6f0e5019a33105a3c8fd827357600040c7b
• Opcode Fuzzy Hash: 69602bca725b19a060b4aa2423c0333f56ee32f9dc484792623f52d9b2101a75
• Instruction Fuzzy Hash: 4A914C21B0AA8295F754BF61E8101F9A355BF84B84FD24435ED0E676A5DE3CED07C720
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$DriverInfo$DeviceInstallParamsTimememset$BuildDateDetailEnumErrorFileFormatLastListSystem
• String ID:
• API String ID: 2012139668-3916222277
• Opcode ID: 214bb39daba48261a4d9ee10ba38abf92301863c43cf40b1e61d76dfc39f4f69
• Instruction ID: 31c56830165c390bdc53d949306b820383d55a747715725156cc052911d10937
• Opcode Fuzzy Hash: 214bb39daba48261a4d9ee10ba38abf92301863c43cf40b1e61d76dfc39f4f69
• Instruction Fuzzy Hash: F8B19421B0A18246F754BF21D8516FDA255FF85B88FC10835ED4E57BA6CE3CED068760
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: lstrlen$CharNext_wcsicmp_wcsnicmp
• String ID: *
• API String ID: 138455478-163128923
• Opcode ID: e5cec1f2ab734ab3f8a8e0ac004467d751c666d26f833d1e0f2473941603a68e
• Instruction ID: 422b7b158e032180e6a14823965c75873bf564c0e72178fd6900c5af49168dc7
• Opcode Fuzzy Hash: e5cec1f2ab734ab3f8a8e0ac004467d751c666d26f833d1e0f2473941603a68e
• Instruction Fuzzy Hash: C7415025B0AA5681EA24AF569554079A3A5FF05FC1BC64035DE4F037B0EF3CE993C320
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: wprintf$DeviceGet_Setup_wcsicmp$CharDetailDevice_FormatFreeInfoListLocalMessageNode_PrevPropertyRegistryStatus_fputwslstrlen
• String ID: %-60s:
• API String ID: 4048145858-769737362
• Opcode ID: 85e9f0c25e025548421e56feeebcc99c5bc4819402c59e825c7775ab218bc565
• Instruction ID: 8b0604dccde8d23594e5531163960796018c4ba2fcf4a78d3976b21ba31cb167
• Opcode Fuzzy Hash: 85e9f0c25e025548421e56feeebcc99c5bc4819402c59e825c7775ab218bc565
• Instruction Fuzzy Hash: 58A1A122B0A64682EA20EF05E55463AF3A5FB44B94FC64131DE4E47BA5DF3DEC52C720
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Des_Res_$Get_$Data_Free_HandleNext_wprintf$Size_fputs
• String ID: DMA : %u$IO : %04I64x-%04I64x$IRQ : %u$MEM : %08I64x-%08I64x
• API String ID: 722776883-3427375868
• Opcode ID: 219a627bf99cf0229d76403beca38c20d34cc29e9f5e404185d46302754bfad3
• Instruction ID: 237e0907e176620165cf9bb8684bc82169bacd25391281a3f2214877c84e0e67
• Opcode Fuzzy Hash: 219a627bf99cf0229d76403beca38c20d34cc29e9f5e404185d46302754bfad3
• Instruction Fuzzy Hash: 0E419F72B1A64286EB14EF25D4542B8A364FB54B88FC60136EE0D477B4DF38EC42C764
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$Device$Info$ClassCreateList$CallDestroyFullInstallerNamePathPropertyRegistrylstrlenmemset
• String ID:
• API String ID: 2055260941-3916222277
• Opcode ID: ea95f8d8e34dffe6775af6a994d76ed78bc43aeaf0f9397b97750e8cef096d3a
• Instruction ID: 7a94003da504550556151380d3c9071d85f106d36fb81db318f6e2579183562a
• Opcode Fuzzy Hash: ea95f8d8e34dffe6775af6a994d76ed78bc43aeaf0f9397b97750e8cef096d3a
• Instruction Fuzzy Hash: F051D331B05A8186EB10AF61E8047B9B3A6FB84B94FC54136EE4D47BA4DF7DD906C710
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Library$AddressErrorFreeFullLastLoadNamePathProc
• String ID: SetupUninstallOEMInfW$setupapi.dll
• API String ID: 3805412813-3713901415
• Opcode ID: 28361569a6b424ef4abd6fb170231f269fd3b5e35c3d8ea5e6b80940ec833879
• Instruction ID: be7ac4dc37dc69cfcb8113120804ffa67eaddeea87e4686a318a944334664252
• Opcode Fuzzy Hash: 28361569a6b424ef4abd6fb170231f269fd3b5e35c3d8ea5e6b80940ec833879
• Instruction Fuzzy Hash: 4F316B21A0A68682FB60BF11E42537AE355EF84B44FD24435DD4E47BA9DE3CEC428722
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setupwprintf$CharClassCloseDetailDeviceFormatFreeInfoListLocalMessageOpenPrevQueryValuefputsfputws
• String ID: %s$LowerFilters$UpperFilters
• API String ID: 4180368772-1836264166
• Opcode ID: c606a585928f19b9872c7cf4895e86c0d7122ab524f4339a6f7d1a7d5ebc2297
• Instruction ID: 0cddbd6b32bbb41b36ebadfd9a0973bf4f36454c5f8d6eb250c34cefbc98f432
• Opcode Fuzzy Hash: c606a585928f19b9872c7cf4895e86c0d7122ab524f4339a6f7d1a7d5ebc2297
• Instruction Fuzzy Hash: AE519251B0B28251F958BF1194212B99289AF85B94FCB0938ED1F0B7E2DE3DEC438760
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Library$AddressAttributesFileFreeFullLoadNamePathProc
• String ID: UpdateDriverForPlugAndPlayDevicesW$newdev.dll
• API String ID: 497426240-3767700378
• Opcode ID: 0daadc53b92a1779aa40d490d212808bbe4ed30a6e527f4d60fd2405cb247117
• Instruction ID: 2d54d097f58c99b70064ffb145814aa42663e971dee1c897f65d7da822ddbabe
• Opcode Fuzzy Hash: 0daadc53b92a1779aa40d490d212808bbe4ed30a6e527f4d60fd2405cb247117
• Instruction Fuzzy Hash: 6D317E21B0AB8285FB50AF21E4552B9A3A5FB88B80FD64035DE4D537A5DF3DEC42C760
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: Setup$ClassDeviceInstallParams$CallDetailDevice_Get_InfoInstallerListwprintf
• String ID: %-60s: %s
• API String ID: 1061212145-3470069224
• Opcode ID: 6f9338ddb5a4caa4b8fcd1cc9a44fde643f8bb69ad578ea4decead6c0bbc18bd
• Instruction ID: 904b1f7a2a1b53e33fda45ba210ac9c70f1e56e40aaae6ba422e34a7e9fb8ffc
• Opcode Fuzzy Hash: 6f9338ddb5a4caa4b8fcd1cc9a44fde643f8bb69ad578ea4decead6c0bbc18bd
• Instruction Fuzzy Hash: 85315071605A868AF7209F21DC047EAB765FB44B88FC10135DE0C4BAA8DF3DD946C750
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: ClassSetup$BuildDescriptionErrorFromGuidInfoLastListNamemallocwprintf
• String ID: %-20s: %s
• API String ID: 894314750-1251934994
• Opcode ID: 986012ab14d0c424ce9ab26d0b016c0451a8380168dac182e6dba2f5767a7754
• Instruction ID: 076a0747372f9a95bfbc24ce61423367f994437a821bb3bc1935b17ca1cca50d
• Opcode Fuzzy Hash: 986012ab14d0c424ce9ab26d0b016c0451a8380168dac182e6dba2f5767a7754
• Instruction Fuzzy Hash: 7B51A032B1678282EB50AF21E550AA9B3A8FB44B88FD54135DE4D47B64DF3CE90AC710
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
• Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp
• Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp
• Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
Similarity
• API ID: wprintf$DetailDeviceDevice_Get_InfoListSetup
• String ID: %-60s: %s$%s
• API String ID: 500149863-1339393084
• Opcode ID: 9f2bc23e2d1f42a96e213981ae22f8161a17a3e0885d8cba7927149de7edc2b5
• Instruction ID: 682e3722e08ce450807125ebfad502cffc7b292524c8c757ee346cd13c84a590
• Opcode Fuzzy Hash: 9f2bc23e2d1f42a96e213981ae22f8161a17a3e0885d8cba7927149de7edc2b5
• Instruction Fuzzy Hash: EF218262B1AA8296FA21AF15E84477AA364FF44784FC60031DE0D47674EF3CD907C724
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Library$Free$AddressLoadProc
                                                                                                                                                • String ID: SetupSetNonInteractiveMode$setupapi.dll
                                                                                                                                                • API String ID: 1386263645-1268865691
                                                                                                                                                • Opcode ID: 6ec523a6f35e0418e944827c456bf1123f4debe30d39e0958f4724abc6b7df78
                                                                                                                                                • Instruction ID: 8edb51b23e7266fbed7724e13bbbd6c57fbc97f17e105bed9049d163783eab95
                                                                                                                                                • Opcode Fuzzy Hash: 6ec523a6f35e0418e944827c456bf1123f4debe30d39e0958f4724abc6b7df78
                                                                                                                                                • Instruction Fuzzy Hash: 5B216725B0AB0182EA10AF16A841139F7A5BB89FC0FC64434EE4D43B34EE3CE8438714
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Conf_Get_Log_$First_$DetailDeviceFree_HandleInfoListNode_SetupStatus_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 950201049-0
                                                                                                                                                • Opcode ID: 183b7b4ae557552bb22e1c9d09f60b7f5903a353b37b2a18227cc174eaeee114
                                                                                                                                                • Instruction ID: 68ab519a923c07f7f078466d042dcaf2c6c32f69d06712e216f283a346ace745
                                                                                                                                                • Opcode Fuzzy Hash: 183b7b4ae557552bb22e1c9d09f60b7f5903a353b37b2a18227cc174eaeee114
                                                                                                                                                • Instruction Fuzzy Hash: A941953261A68286E750EF10E4507AAB360FB84B48FC11135FE4E476A5DF3CD846CB60
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4104442557-0
                                                                                                                                                • Opcode ID: 6e19578d9e6b8e50ed40d7a7f64d35ebfd7b837366c80e842d98cb2a268ba686
                                                                                                                                                • Instruction ID: 3ed00981c2a891fb035723592f01a0be03d28ea182b5fef791027c71398291e1
                                                                                                                                                • Opcode Fuzzy Hash: 6e19578d9e6b8e50ed40d7a7f64d35ebfd7b837366c80e842d98cb2a268ba686
                                                                                                                                                • Instruction Fuzzy Hash: 21111D22705F418AEB00AF70E85526973A4FB09758FC50A31EE5D46B64DF7CD5A58350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Setup$Class$InstallParams$CallDeviceInstallerwprintf$DetailDevice_Get_InfoList
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3776784670-0
                                                                                                                                                • Opcode ID: c1974e11253ec066670219f8e13924fe704f1cefe2663eb8149dba16e3e772a2
                                                                                                                                                • Instruction ID: bff1fc0fd568e703ef4cd65ed0545d809755503026b34319ed19968e286448a4
                                                                                                                                                • Opcode Fuzzy Hash: c1974e11253ec066670219f8e13924fe704f1cefe2663eb8149dba16e3e772a2
                                                                                                                                                • Instruction Fuzzy Hash: CF316D726096418AE7209F52E5543BAB7A4FB49FC8F854139DE4D0BAA8CF3CD946CB10
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 140117192-0
                                                                                                                                                • Opcode ID: 058048644d94887ecaa4144e2d7c7b6937ae20d7a986c2c409f2bc3a275ef3c5
                                                                                                                                                • Instruction ID: 20a2f79862a990562605427e0f3e8c67a4d5933dd826e961b8b1bf4ca59350b7
                                                                                                                                                • Opcode Fuzzy Hash: 058048644d94887ecaa4144e2d7c7b6937ae20d7a986c2c409f2bc3a275ef3c5
                                                                                                                                                • Instruction Fuzzy Hash: 7041B535A0AB4581EA50AF19F894369B3A4FB89784FD24136ED8D43774DF7CE846C720
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharFormatFreeLocalMessagePrevfputws
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 578739846-0
                                                                                                                                                • Opcode ID: 69743a47ebb7d1fb7a5a078017e19093efe5ac0cddd9a8fde7ce9873891134a2
                                                                                                                                                • Instruction ID: 64e7fbfe74354b29cb7adc83a2ad0eb0d8f7431d90cbe497b36f41141d0f30b6
                                                                                                                                                • Opcode Fuzzy Hash: 69743a47ebb7d1fb7a5a078017e19093efe5ac0cddd9a8fde7ce9873891134a2
                                                                                                                                                • Instruction Fuzzy Hash: 4E217A77B05A518AEB019F66D8954BC77B9BB88B98F920535CE0E13B24EF34C896C350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000011.00000002.330321635.00007FF7A7451000.00000020.00020000.sdmp, Offset: 00007FF7A7450000, based on PE: true
                                                                                                                                                • Associated: 00000011.00000002.330307532.00007FF7A7450000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330349680.00007FF7A7458000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330388990.00007FF7A745B000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000011.00000002.330413097.00007FF7A745C000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_17_2_7ff7a7450000_detect_x64.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MachineNode_$Connect_Disconnect_Locate_Reenumerate_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 218754429-0
                                                                                                                                                • Opcode ID: f49f4ebda9200f29a3b64b84b808d6328c6ce76fa5272c13e91149d8f658dd1b
                                                                                                                                                • Instruction ID: cc184c26f079b416a507fa50efd444e724b4d0538ce65112a48db808f3a278e9
                                                                                                                                                • Opcode Fuzzy Hash: f49f4ebda9200f29a3b64b84b808d6328c6ce76fa5272c13e91149d8f658dd1b
                                                                                                                                                • Instruction Fuzzy Hash: D9119321B0E58282FB54AF26E451679E3A2BFD4B84FC64531EE8D47674DE3DD8068610
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Executed Functions

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: Crypt$ContextErrorLast$Acquire$RandomRelease_errno_invalid_parameter_noinfosprintf
• String ID: %s %s$3.10$66666666$66666666$CREATED_BY$Could not acquire handle to crypto context$Error: Could not flush output file buffer$Error: Could not write iv_key HMAC$Error: Could not write iv_key data$Error: Could not write out header data$Error: Could not write out initialization vector$Error: Could not write tag to AES file (1)$Error: Could not write tag to AES file (2)$Error: Could not write tag to AES file (3)$Error: Could not write tag to AES file (4)$Error: Could not write tag to AES file (5)$Error: Could not write tag to AES file (6)$Error: Could not write the file HMAC$Error: Could not write the file size modulo$Error: Could not write to output file$Error: Couldn't read input file$Windows is unable to generate random digits$\\\\\\\\$\\\\\\\\$aescrypt$gj
• API String ID: 2628475005-636462672
• Opcode ID: c7a29cd750e171fca3b283f2f8563e0e48ccc20f8dd886d10119c66fc6e159ae
• Instruction ID: c764671a5f8f3ee3a2cf56b284802d1c69cbf96a118821dffbb3a54871767f7f
• Opcode Fuzzy Hash: c7a29cd750e171fca3b283f2f8563e0e48ccc20f8dd886d10119c66fc6e159ae
• Instruction Fuzzy Hash: E092C0726087C289EB30CF25E4842ED7BA1FB467C8F400175DA5D9BA9AEF78D645DB00
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: __doserrno_errno_invalid_parameter_noinfo
• String ID: U
• API String ID: 3902385426-4171548499
• Opcode ID: 58048377370e666a2f1d6e046c7c6c99e81a38e45dbd3c5006686a12010112d2
• Instruction ID: 56bd119a24914cf73bf562cdb61bee770b8e1f7d5f540823d23209a033fb0615
• Opcode Fuzzy Hash: 58048377370e666a2f1d6e046c7c6c99e81a38e45dbd3c5006686a12010112d2
• Instruction Fuzzy Hash: 27120332A1864286EF309F25D4443BA67B0FB9A7C4F5400B2DAADC7A94DF3CE445EB10
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$ErrorFileLast$CloseCreate__doserrno_lseek_nolock$Handle_close_nolock_invalid_parameter_noinfo$ChangeFindNotificationType_get_daylight
• String ID:
• API String ID: 4064658819-0
• Opcode ID: 1cb25b56e59a56da9b886bade463df1bde7de8c464f0ceede616a735d11f07ef
• Instruction ID: 9615e5a35d7179c7684b0914905a6db5a74bf96868bdd5f5be9da4c190a5b045
• Opcode Fuzzy Hash: 1cb25b56e59a56da9b886bade463df1bde7de8c464f0ceede616a735d11f07ef
• Instruction Fuzzy Hash: 7432B232F186528DFF788B69D4903BD26A0EB657E8F144275DA3EC76D5CE3CA841A700
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: fwprintf
• String ID: %s.aes$Error in read_password: %s.$Error opening input file %s : $Error opening output file %s : $Error: -e or -d not specified$Error: A single output file may not be specified with multiple input files.$Error: Could not properly close output file $Error: No file argument specified$Error: No password supplied.$Error: Passwords don't match.$Error: STDIN may not be specified with multiple input files.$Error: Unknown option '%c'$No valid error code specified!!!$password too long$user aborted
• API String ID: 968622242-3753910606
• Opcode ID: f30bb2431c8e13f17eddbb061c9b9e1cbf90f489282fe55a0e31aa7bc32ccb2c
• Instruction ID: 6c333f63a5a1f748e6daf747012c5984d429769e8573ec455f628649cf699c57
• Opcode Fuzzy Hash: f30bb2431c8e13f17eddbb061c9b9e1cbf90f489282fe55a0e31aa7bc32ccb2c
• Instruction Fuzzy Hash: 85C17C31E1C64245FF71AB2094952F912A1EF537E4F9401B6EA3EC76D7EE6CE806E600
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: __doserrno_errno$_invalid_parameter_noinfo
• String ID:
• API String ID: 2315031519-0
• Opcode ID: 6a984f06eda76db9bd71f109d79af0c710d8390853ec8f8e7d94d51da18f0398
• Instruction ID: 37d02e4581d2bc736e09e6831259e9f35ad573a091b1342cad996750e2da9845
• Opcode Fuzzy Hash: 6a984f06eda76db9bd71f109d79af0c710d8390853ec8f8e7d94d51da18f0398
• Instruction Fuzzy Hash: 3422C732A0C68646FF728B68C4503FC2AA1EB56BD4F5841B5CA7E837D1DE7CE445A311
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_wsopen_s
                                                                                                                                                • String ID: =$UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                • API String ID: 2449612375-31882262
                                                                                                                                                • Opcode ID: bd018454ee07a4a7cbe0e4cad969b3b4b81e3aaa997bed4a77fc631ea3a10e2b
                                                                                                                                                • Instruction ID: 9065b014d2c2b04f2000b2a0e103e51e951010bc67a87a0cb642b1818e324e84
                                                                                                                                                • Opcode Fuzzy Hash: bd018454ee07a4a7cbe0e4cad969b3b4b81e3aaa997bed4a77fc631ea3a10e2b
                                                                                                                                                • Instruction Fuzzy Hash: 5A71D0B6E0C25285FFB40B1598006F92690EFA3FC4F5940B5DDAEA36D5DE3CE940B241
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (text export of the rendered graph): entry 00007FF69768A4A0, blocks spanning 00007FF69768A4A0-00007FF69768A616. One annotated API call site, GetCommandLineW, in the block at 00007FF69768A567. Internal calls to 00007FF697690750, 00007FF6976906CC, 00007FF69768FD60, 00007FF69768A668, 00007FF69768FFC0, 00007FF697690394, 00007FF69768E040, 00007FF69769030C, 00007FF697688C08, 00007FF6976901D4, 00007FF69768A74C, 00007FF6976857C0, 00007FF69768A98C, 00007FF69768A9A4 and 00007FF69768A9C4, the last reached from four separate failure-check blocks (the shape of the _amsg_exit calls listed in the API ID).

Triage note: GetCommandLineW together with _cinit and _amsg_exit is the MSVC CRT entry-point sequence (the body behind mainCRTStartup/WinMainCRTStartup). The callee at 00007FF69768E040 is the CRT I/O-table initializer whose graph appears further down on this page; the real program entry is one of the internal callees after command-line processing.
APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _amsg_exit$CommandInitializeLine_cinit
• String ID:
• API String ID: 760082873-0
• Opcode ID: f6cfb71d43cd20810c6ef214805e36bc78dfa22c367f843c34a576be28f3c767
• Instruction ID: def50afc0819d7a72c1ac281e779ecb322de8e7be0e29bfced8ab5cccd096473
• Opcode Fuzzy Hash: f6cfb71d43cd20810c6ef214805e36bc78dfa22c367f843c34a576be28f3c767
• Instruction Fuzzy Hash: 14310C30E0C64386FF706BA495562F92291EF927C4F1445B9DA7DC62D3EE2CE880B752
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

No graph export is attached to this function in the report.

Triage note: the API ID lists only CRT error-mapping helpers (__doserrno, _errno, _invalid_parameter_noinfo); this is statically linked runtime code, not sample-specific logic.
APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: __doserrno_errno$_invalid_parameter_noinfo
• String ID:
• API String ID: 2315031519-0
• Opcode ID: 789be0953b5d205cc116f07ce7cfd0a91e55ccd26e112387eb7a68a54a946db3
• Instruction ID: b7e8406bfb8b62fd7e6eea5b4d9081f96ff0e4a7a8e479071b500262bc771676
• Opcode Fuzzy Hash: 789be0953b5d205cc116f07ce7cfd0a91e55ccd26e112387eb7a68a54a946db3
• Instruction Fuzzy Hash: 7231D132A0824345EA326F69A8912FD3660EF537D0F4552B5EA38CB7D2CF7CE841A701
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph (text export of the rendered graph): entry 00007FF69768E040, blocks spanning 00007FF69768E040-00007FF69768E311, a single exit block at 00007FF69768E2F4-00007FF69768E311 and two single-block loops (00007FF69768E0A7-00007FF69768E0E0 and 00007FF69768E158-00007FF69768E18D). Internal calls to 00007FF69768AF00 from two blocks. Annotated API call sites, by block start address: GetStartupInfoW (00007FF69768E040), GetStdHandle (00007FF69768E24D), GetFileType (00007FF69768E1C8 and 00007FF69768E27D), InitializeCriticalSectionAndSpinCount (00007FF69768E1D6 and 00007FF69768E2A7) and SetHandleCount (00007FF69768E2E6).

Triage note: GetStartupInfoW, GetStdHandle, GetFileType, SetHandleCount and InitializeCriticalSectionAndSpinCount in one routine is the MSVC CRT low-level I/O initialization pattern (_ioinit: inherit handles from STARTUPINFO, then build the CRT file-handle table). The Sleep reached through the subcall at 00007FF69768AF00 is consistent with the CRT allocator's retry loop rather than an evasion delay; do not count it toward the sample's sandbox-evasion score on its own.
APIs
• GetStartupInfoW.KERNEL32 ref: 00007FF69768E061
  • Part of subcall function 00007FF69768AF00: Sleep.KERNEL32(?,?,00000000,00007FF697690523,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768AF45
• GetFileType.KERNEL32 ref: 00007FF69768E1CC
• InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF69768E20A
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
• String ID:
• API String ID: 3473179607-0
• Opcode ID: 89a93fa9f7b4a8e379243402f2fb261c7a0f1390623c429a1ec5514ed30cc3dd
• Instruction ID: bb3a00232fcc0b8902aeb46d6415765aa383815633ae2ea86e82a912ad3ffdb6
• Opcode Fuzzy Hash: 89a93fa9f7b4a8e379243402f2fb261c7a0f1390623c429a1ec5514ed30cc3dd
• Instruction Fuzzy Hash: DA817E72A08B8286EF248F24D49436937A0FB56BB4F5443B9CABD862D5DF3CE455E300
Uniqueness

Uniqueness Score: -1.00%
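The report exports each rendered graph as a flat token stream: a block is "<id> <start>[-<end>]", an API name or "call <target>" that follows a block annotates it, and "<src>-><dst>" is an edge. The parser below is an added example, not code from the Joe Sandbox report or its IDA plugin; it recovers blocks, edges, API call sites and internal callees from that export and summarizes the function (entry, address span, exit blocks, single-block loops, unreachable blocks). The token grammar is inferred from the text on this page and is an assumption, not a published format description. The embedded sample is the export of the function at 00007FF69768E040 copied from this page; the block "1211 ..." is wrapped across two lines there, which the whitespace-insensitive tokenizer handles.

```python
"""Parse the flat-text export of a Joe Sandbox "control_flow_graph" block.
Token grammar is inferred from the report text (an assumption, not a published
format): "<id> <start>[-<end>]" opens a block, a following API name or
"call <hex>" annotates it, and "<src>-><dst>" is an edge."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^([0-9a-fA-F]+)(?:-([0-9a-fA-F]+))?$")

@dataclass
class Block:
    start: int
    end: int
    apis: List[str] = field(default_factory=list)   # API names annotated on the block
    calls: List[int] = field(default_factory=list)  # internal call targets (addresses)

@dataclass
class Cfg:
    blocks: Dict[int, Block] = field(default_factory=dict)
    edges: List[Tuple[int, int]] = field(default_factory=list)
    entry: Optional[int] = None  # id of the first block listed in the export

def parse_cfg(text: str) -> Cfg:
    tokens = text.split()  # whitespace-insensitive: line wraps in the export are harmless
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph export")
    cfg, cur, i = Cfg(), None, 1
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            cfg.edges.append((int(edge.group(1)), int(edge.group(2))))
        elif tok.isdigit():
            # A block id is always followed by its address, so consume both here;
            # this keeps an all-digit address from being read as another block id.
            node, i = int(tok), i + 1
            addr = ADDR_RE.match(tokens[i]) if i < len(tokens) else None
            if not addr:
                raise ValueError(f"block {node}: missing address")
            start = int(addr.group(1), 16)
            end = int(addr.group(2), 16) if addr.group(2) else start
            cfg.blocks[node], cur = Block(start, end), node
            cfg.entry = node if cfg.entry is None else cfg.entry
        elif cur is None:
            raise ValueError(f"annotation {tok!r} before any block")
        elif tok == "call":
            i += 1
            cfg.blocks[cur].calls.append(int(tokens[i], 16))
        else:
            cfg.blocks[cur].apis.append(tok)
        i += 1
    bad = [e for e in cfg.edges if e[0] not in cfg.blocks or e[1] not in cfg.blocks]
    if bad:
        raise ValueError(f"edges reference unknown blocks: {bad}")
    return cfg

def summarize(cfg: Cfg) -> dict:
    """Facts an analyst wants from the graph: entry, span, exits, loops, call sites."""
    out, inc = Counter(s for s, _ in cfg.edges), Counter(d for _, d in cfg.edges)
    sites: Dict[str, List[int]] = {}
    for b in cfg.blocks.values():
        for a in b.apis:
            sites.setdefault(a, []).append(b.start)
    return {
        "entry": cfg.blocks[cfg.entry].start,
        "range": (min(b.start for b in cfg.blocks.values()),
                  max(b.end for b in cfg.blocks.values())),
        "blocks": len(cfg.blocks),
        "edges": len(cfg.edges),
        "exits": sorted(n for n in cfg.blocks if out[n] == 0),      # no successor: function exit
        "self_loops": sorted({s for s, d in cfg.edges if s == d}),   # single-block loops
        "unreachable": sorted(n for n in cfg.blocks if inc[n] == 0 and n != cfg.entry),
        "api_sites": {a: sorted(v) for a, v in sites.items()},       # API -> block start addresses
        "callees": sorted({c for b in cfg.blocks.values() for c in b.calls}),
    }

# Constructed sample: the export of the function at 00007FF69768E040 as it appears on this page.
SAMPLE = """control_flow_graph 1174 7ff69768e040-7ff69768e07f GetStartupInfoW call 7ff69768af00
1177 7ff69768e081-7ff69768e084 1174->1177 1178 7ff69768e089-7ff69768e0a1 1174->1178
1179 7ff69768e2f4-7ff69768e311 1177->1179 1180 7ff69768e0a3 1178->1180 1181 7ff69768e0e8-7ff69768e0ee
1178->1181 1184 7ff69768e0a7-7ff69768e0e0 1180->1184 1182 7ff69768e0f4-7ff69768e0fc 1181->1182
1183 7ff69768e228-7ff69768e22b 1181->1183 1182->1183 1185 7ff69768e102-7ff69768e118 1182->1185
1186 7ff69768e22e-7ff69768e23a 1183->1186 1184->1184 1187 7ff69768e0e2 1184->1187 1188 7ff69768e11e
1185->1188 1189 7ff69768e1a5-7ff69768e1aa 1185->1189 1190 7ff69768e23c-7ff69768e241 1186->1190
1191 7ff69768e24d-7ff69768e276 GetStdHandle 1186->1191 1187->1181
1192 7ff69768e125-7ff69768e135 call 7ff69768af00 1188->1192 1189->1183
1196 7ff69768e1ac-7ff69768e1b1 1189->1196 1190->1191 1193 7ff69768e243-7ff69768e248 1190->1193
1194 7ff69768e2c5-7ff69768e2ca 1191->1194 1195 7ff69768e278-7ff69768e27b 1191->1195
1207 7ff69768e19f 1192->1207 1208 7ff69768e137-7ff69768e152 1192->1208
1200 7ff69768e2d2-7ff69768e2e0 1193->1200 1194->1200 1195->1194
1201 7ff69768e27d-7ff69768e288 GetFileType 1195->1201 1197 7ff69768e1b3-7ff69768e1b8 1196->1197
1198 7ff69768e21b-7ff69768e226 1196->1198 1197->1198 1202 7ff69768e1ba-7ff69768e1bf 1197->1202
1198->1183 1198->1196 1200->1186 1204 7ff69768e2e6-7ff69768e2f2 SetHandleCount 1200->1204
1201->1194 1205 7ff69768e28a-7ff69768e294 1201->1205 1202->1198 1206 7ff69768e1c1-7ff69768e1c6
1202->1206 1204->1179 1209 7ff69768e296-7ff69768e29b 1205->1209 1210 7ff69768e29d-7ff69768e2a0
1205->1210 1213 7ff69768e1d6-7ff69768e212 InitializeCriticalSectionAndSpinCount 1206->1213
1214 7ff69768e1c8-7ff69768e1d4 GetFileType 1206->1214 1207->1189 1215 7ff69768e154 1208->1215
1216 7ff69768e195-7ff69768e19b 1208->1216 1211 7ff69768e2a7-7ff69768e2b9
InitializeCriticalSectionAndSpinCount 1209->1211 1210->1211 1212 7ff69768e2a2 1210->1212
1211->1177 1217 7ff69768e2bf-7ff69768e2c3 1211->1217 1212->1211 1213->1177 1218 7ff69768e218
1213->1218 1214->1198 1214->1213 1219 7ff69768e158-7ff69768e18d 1215->1219 1216->1192
1220 7ff69768e19d 1216->1220 1217->1200 1218->1198 1219->1219 1221 7ff69768e18f 1219->1221
1220->1189 1221->1216"""

if __name__ == "__main__":
    print(summarize(parse_cfg(SAMPLE)))
```

Run across every graph export on a report, the summary gives a diffable profile per function (API call sites and callees keyed by address) that is far easier to compare between dumps than the rendered pictures; the exits, self_loops and unreachable fields are quick sanity checks that the export was captured whole, since a function with no exit block or with blocks nothing reaches usually means a truncated export rather than odd code.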

Control-flow Graph

No graph export is attached to this function in the report.

Triage note: _lock followed by a run of DecodePointer calls and ExitProcess is the MSVC CRT process-exit path (the onexit/atexit table walk in doexit): the runtime stores its callback pointers encoded, decodes each one before calling it, then ends the process. The RtlDecodePointer/DecodePointer references are runtime code, not an indicator on their own.
APIs
• _lock.LIBCMT ref: 00007FF69768A825
  • Part of subcall function 00007FF69768E60C: _amsg_exit.LIBCMT ref: 00007FF69768E636
• RtlDecodePointer.NTDLL(?,?,00000000,?,00000040,00000000,00000000,00007FF69768A9E9,?,?,00000000,00007FF69768E63B,?,?,00000000,00007FF697690491), ref: 00007FF69768A858
• DecodePointer.KERNEL32(?,?,00000000,?,00000040,00000000,00000000,00007FF69768A9E9,?,?,00000000,00007FF69768E63B,?,?,00000000,00007FF697690491), ref: 00007FF69768A876
• DecodePointer.KERNEL32(?,?,00000000,?,00000040,00000000,00000000,00007FF69768A9E9,?,?,00000000,00007FF69768E63B,?,?,00000000,00007FF697690491), ref: 00007FF69768A8B6
• DecodePointer.KERNEL32(?,?,00000000,?,00000040,00000000,00000000,00007FF69768A9E9,?,?,00000000,00007FF69768E63B,?,?,00000000,00007FF697690491), ref: 00007FF69768A8D0
• DecodePointer.KERNEL32(?,?,00000000,?,00000040,00000000,00000000,00007FF69768A9E9,?,?,00000000,00007FF69768E63B,?,?,00000000,00007FF697690491), ref: 00007FF69768A8E0
• ExitProcess.KERNEL32 ref: 00007FF69768A96C
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: DecodePointer$ExitProcess_amsg_exit_lock
• String ID:
• API String ID: 3411037476-0
• Opcode ID: b5a90ec91e7688539324cce18ad1de26dd1e8fa3d9ae9c2edb531a0a43f696c6
• Instruction ID: b1ed0735bdc51c27b646a49524157cfbfbfc23926168e20a3201811b22957772
• Opcode Fuzzy Hash: b5a90ec91e7688539324cce18ad1de26dd1e8fa3d9ae9c2edb531a0a43f696c6
• Instruction Fuzzy Hash: 4A418031A1E60285EE709B11FC4127962A4FF99BC4F5400B5DEADC37A5EF3CE855A301
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

No graph export is attached to this function in the report.

Triage note: the API ID lists only the CRT errno-mapping helpers (__doserrno, _errno); this is statically linked runtime code, not sample-specific logic.
APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: __doserrno_errno
• String ID:
• API String ID: 921712934-0
• Opcode ID: bb77454f859d5d999f3e961c9c2e3b4b09b3e5448fa2ad7abce696d26acb4f57
• Instruction ID: f04d5f92034f4bca0351a43e63beae011600ff310545282995467a51f1ab3562
• Opcode Fuzzy Hash: bb77454f859d5d999f3e961c9c2e3b4b09b3e5448fa2ad7abce696d26acb4f57
• Instruction Fuzzy Hash: BD21B332A1854246FE266B6598A13FD6561EF4B7E1F0541F4EA38C72D2CF7CA841A720
Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: __doserrno_close_nolock_errno
• String ID:
• API String ID: 186997739-0
• Opcode ID: 63e1e10d21e66d8470324006326e402feb7063d55060a64d07fdeb6361bddf2c
• Instruction ID: 87fbe6c97e6ea84e4f7b2e52e401df5d058f9b0f95fd1f39910d9769047fd921
• Opcode Fuzzy Hash: 63e1e10d21e66d8470324006326e402feb7063d55060a64d07fdeb6361bddf2c
• Instruction Fuzzy Hash: 5911D532E1868295FE256B2998913FC2560DF427E0F1511F4E97D8B6C2CF7CA841A710
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno_invalid_parameter_noinfo$wcsncpy
• String ID: Error opening output file %s:$Error: No file argument specified
• API String ID: 3818259516-2355036129
• Opcode ID: 1ea59089b632a4abd0b6fa2749e4329ccf053920aeb24019285bf0d8b2f70447
• Instruction ID: 1415d07480399da29fd1c89e6f87280fbbae480e8b79dc07a4cab600c0bb0ea1
• Opcode Fuzzy Hash: 1ea59089b632a4abd0b6fa2749e4329ccf053920aeb24019285bf0d8b2f70447
• Instruction Fuzzy Hash: ED310C31A2C64785EF30AB20D8952F95221EF927E4F9000B6DA3EC76D6DE2CE546E300
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$_invalid_parameter_noinfomemcpy_s
• String ID:
• API String ID: 1165161347-0
• Opcode ID: bafd9cc178ddeebbbd2594039f02762465be6a3ec6cd1abc9be38599456612f4
• Instruction ID: 820839c4799282dff36d4ea85624f6f559a2b2bb5f1968538a90d9b47401178e
• Opcode Fuzzy Hash: bafd9cc178ddeebbbd2594039f02762465be6a3ec6cd1abc9be38599456612f4
• Instruction Fuzzy Hash: 6B51B231B0D34286EE348B6695005B96694FB47BE4F184770EF7D9BBD1DE3CE851A600
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$_getbuf_invalid_parameter_noinfo_isatty
• String ID:
• API String ID: 3655708593-0
• Opcode ID: 235a15e84f851ad925ce755d767c74b27106f3bb69e90eaad664d58338717102
• Instruction ID: b7ea533678fcd5dfed12532364c549656846133ef23006694ef6e5a1d0d4a8d3
• Opcode Fuzzy Hash: 235a15e84f851ad925ce755d767c74b27106f3bb69e90eaad664d58338717102
• Instruction Fuzzy Hash: 6F41C472A1878646EF399F28C4612BC36A0EB86BD4F140275DA7D873D5EE3CE851E740
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$_invalid_parameter_noinfo
• String ID:
• API String ID: 2819658684-0
• Opcode ID: 6b8eb61a5cfe6eab0d4114e4ea9e7798f106f6131fb2c7af8667512e52f57969
• Instruction ID: 1b955e112ddf3cf70ba81b4a1ea43118ce415644d63337e195b0b72980844a7e
• Opcode Fuzzy Hash: 6b8eb61a5cfe6eab0d4114e4ea9e7798f106f6131fb2c7af8667512e52f57969
• Instruction Fuzzy Hash: 50216F35A0874382FE315B12A8012BEA2A4FF47BC4F0444B0EAADD7795DE7CE891A700
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 1637 7ff697689d44-7ff697689d6f 1638 7ff697689d71-7ff697689d74 1637->1638 1639 7ff697689d8b 1637->1639 1638->1639 1641 7ff697689d76-7ff697689d79 1638->1641 1640 7ff697689d8d-7ff697689da9 1639->1640 1642 7ff697689daa-7ff697689dad 1641->1642 1643 7ff697689d7b-7ff697689d86 call 7ff69768c1cc call 7ff69768c164 1641->1643 1642->1643 1644 7ff697689daf-7ff697689dbb 1642->1644 1643->1639 1644->1643 1647 7ff697689dbd-7ff697689dcf 1644->1647 1649 7ff697689dd1-7ff697689dd5 1647->1649 1650 7ff697689dd7 1647->1650 1651 7ff697689ddd 1649->1651 1650->1651 1652 7ff697689de0 1651->1652 1653 7ff697689ec6-7ff697689ec9 1652->1653 1654 7ff697689de6-7ff697689dee 1652->1654 1653->1640 1655 7ff697689df0-7ff697689df5 1654->1655 1656 7ff697689e2c-7ff697689e32 1654->1656 1655->1656 1659 7ff697689df7 1655->1659 1657 7ff697689e34-7ff697689e36 1656->1657 1658 7ff697689e98-7ff697689e9f call 7ff69768b158 1656->1658 1661 7ff697689e44-7ff697689e47 1657->1661 1662 7ff697689e38-7ff697689e42 call 7ff69768944c 1657->1662 1666 7ff697689ea4-7ff697689ea7 1658->1666 1663 7ff697689e84 1659->1663 1664 7ff697689dfd-7ff697689e27 call 7ff69768f600 1659->1664 1668 7ff697689e57 1661->1668 1669 7ff697689e49-7ff697689e55 1661->1669 1662->1661 1665 7ff697689e88-7ff697689e93 1662->1665 1663->1665 1675 7ff697689ebe-7ff697689ec1 1664->1675 1665->1640 1666->1665 1672 7ff697689ea9-7ff697689eb9 1666->1672 1674 7ff697689e59-7ff697689e71 call 7ff697689d1c call 7ff69768d174 1668->1674 1669->1674 1672->1675 1674->1663 1680 7ff697689e73-7ff697689e82 1674->1680 1675->1652 1680->1663 1680->1675
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_flush_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2816740245-0
                                                                                                                                                • Opcode ID: 936ae0566bb195d8b879ce566efacac7cde4e3e0a55bbd6cc8ab34ec97f7549b
                                                                                                                                                • Instruction ID: f14f1b374367122da5ba2a15d3f00a765c625e6392e68426955c0d2231e44469
                                                                                                                                                • Opcode Fuzzy Hash: 936ae0566bb195d8b879ce566efacac7cde4e3e0a55bbd6cc8ab34ec97f7549b
                                                                                                                                                • Instruction Fuzzy Hash: DB411731B0CB4246EE388F6295482BAAA90EF47BD4F180674EF7DC6AD5DE3CE4419604
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 1681 7ff69768ebd4-7ff69768ebe9 1682 7ff69768ec00-7ff69768ec05 1681->1682 1683 7ff69768ebeb-7ff69768ebfb call 7ff69768c1cc call 7ff69768c164 1681->1683 1685 7ff69768ed13 1682->1685 1686 7ff69768ec0b-7ff69768ec0d 1682->1686 1683->1685 1689 7ff69768ed16-7ff69768ed25 1685->1689 1686->1685 1688 7ff69768ec13-7ff69768ec15 1686->1688 1691 7ff69768ec22-7ff69768ec2d 1688->1691 1692 7ff69768ec17-7ff69768ec1d 1688->1692 1694 7ff69768ec2f-7ff69768ec34 call 7ff697691530 1691->1694 1695 7ff69768ec36-7ff69768ec3a 1691->1695 1692->1685 1696 7ff69768ec3d-7ff69768ec4f call 7ff697689d1c call 7ff69768f44c 1694->1696 1695->1696 1702 7ff69768ec54-7ff69768ec59 1696->1702 1703 7ff69768ec5f-7ff69768ec62 1702->1703 1704 7ff69768ed02-7ff69768ed0f 1702->1704 1703->1704 1705 7ff69768ec68-7ff69768ec6c 1703->1705 1704->1685 1706 7ff69768ec6e-7ff69768ec79 call 7ff697689d1c 1705->1706 1707 7ff69768eccd-7ff69768ecd4 1705->1707 1713 7ff69768ecb7 1706->1713 1714 7ff69768ec7b-7ff69768ec86 call 7ff697689d1c 1706->1714 1708 7ff69768ecf1-7ff69768ed00 1707->1708 1709 7ff69768ecd6-7ff69768ecda 1707->1709 1708->1689 1709->1708 1711 7ff69768ecdc-7ff69768ecee 1709->1711 1711->1708 1715 7ff69768ecbe-7ff69768ecc6 1713->1715 1714->1713 1719 7ff69768ec88-7ff69768ecb5 call 7ff697689d1c * 2 1714->1719 1715->1707 1717 7ff69768ecc8 1715->1717 1717->1707 1719->1715
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                • Opcode ID: 10e8f31c0f21cb328ce5fdb4828a7a4d70167c430373ff5283243d8142f3e8e2
                                                                                                                                                • Instruction ID: 07dc1168ae068785e5a5d75483335176fc39abe0f93c4fb26c0daddf0f404158
                                                                                                                                                • Opcode Fuzzy Hash: 10e8f31c0f21cb328ce5fdb4828a7a4d70167c430373ff5283243d8142f3e8e2
                                                                                                                                                • Instruction Fuzzy Hash: A741A332E0864242EF748B2995452B876A0EB17BD4F280571DBBDC36C1CF2CE462E744
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _fflush_nolock$_amsg_exit_lock
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1679097844-0
                                                                                                                                                • Opcode ID: 94ec41de16d9da9aa583bfcf5c6d48426ec4209ddf88899d56100d5d9110c7a3
                                                                                                                                                • Instruction ID: d92ffacfac295dc21b90dbb81280fd240c133b00387b34236be87c74403d23b8
                                                                                                                                                • Opcode Fuzzy Hash: 94ec41de16d9da9aa583bfcf5c6d48426ec4209ddf88899d56100d5d9110c7a3
                                                                                                                                                • Instruction Fuzzy Hash: 9321DE72908B4641EE309B25D4802AAB7A1FB97BD8F1416B5DF6D832E5CF3CE840E741
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocateHeap_callnewh_errno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 638267422-0
                                                                                                                                                • Opcode ID: ba9aaab597774eadb720e42dff618df2e51b796954eb66d54718da7c3654391e
                                                                                                                                                • Instruction ID: b8ce2bb9733d9baec925a284221c494b566660faf2924e37ab2a023139772a00
                                                                                                                                                • Opcode Fuzzy Hash: ba9aaab597774eadb720e42dff618df2e51b796954eb66d54718da7c3654391e
                                                                                                                                                • Instruction Fuzzy Hash: 5F115E31B0D206C5FE796B65D6443B962E1DF64BE4F2886B1CE3DC66C4DE3CA480A200
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$CreateInformationVersion
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3563531100-0
                                                                                                                                                • Opcode ID: 3f30d392d9e22db7cee4156eec648a2f915f3c65e943b9454f43e1b22c597bbb
                                                                                                                                                • Instruction ID: 5d0eab1f83689f5b30bda1485fa6cc96713f5438b30d1d35a3508c6ffb09ea9e
                                                                                                                                                • Opcode Fuzzy Hash: 3f30d392d9e22db7cee4156eec648a2f915f3c65e943b9454f43e1b22c597bbb
                                                                                                                                                • Instruction Fuzzy Hash: 0CE09234A1974382FFA55724E8557752260FFA83D1F901075D95EC2794DF3DD0459B00
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                • Opcode ID: a4b350c304c85e033370b9e36e3b5e1013ef79eb8be360b1c2e68ae2ebc069b7
                                                                                                                                                • Instruction ID: 4ab8ec17cb8fec7bd6795f9456fa7b63a7208a271903b396863c72acb4077e9e
                                                                                                                                                • Opcode Fuzzy Hash: a4b350c304c85e033370b9e36e3b5e1013ef79eb8be360b1c2e68ae2ebc069b7
                                                                                                                                                • Instruction Fuzzy Hash: C821D1327187438AEFB58B29E98127D76A0EB507D4F084274EA6EC76E5DF2CD850DB00
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                • Opcode ID: 1a5f02348ffca2c39cb4ac145a08f289089de7acbedd38a1f9fba3ef7dabbea0
                                                                                                                                                • Instruction ID: 392ad2636fca5a27dd8fdfc0660923223fbf349db6cd3a63f43d2acae33c9bc6
                                                                                                                                                • Opcode Fuzzy Hash: 1a5f02348ffca2c39cb4ac145a08f289089de7acbedd38a1f9fba3ef7dabbea0
                                                                                                                                                • Instruction Fuzzy Hash: AB11A571A0874141EE24DB52A9400EAA275EF47FE0F5846B1EF7D877D6DE3CE401A300
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                • Opcode ID: ae1d4774d0486923e578b792778cf7e53538a94a11c915de440f40b19f1c52ba
                                                                                                                                                • Instruction ID: 81a5292c5c87523688695e993227187338f10a5187850db8b4895e8abb1199d8
                                                                                                                                                • Opcode Fuzzy Hash: ae1d4774d0486923e578b792778cf7e53538a94a11c915de440f40b19f1c52ba
                                                                                                                                                • Instruction Fuzzy Hash: 4B01AD71B1878241EE799B12AA411E962A8EF57FC0B0C50F0EF6DD7B86DE2CE450A700
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                                • Opcode ID: 5737fcfbd4457ca073cc79d906ff30093da2433cc3efab02996693838a2f8bd0
                                                                                                                                                • Instruction ID: 5894b2bb0230f4137ba44e443e2c1fe11ad9cb13c864cb61e0fe4783f6e9eba0
                                                                                                                                                • Opcode Fuzzy Hash: 5737fcfbd4457ca073cc79d906ff30093da2433cc3efab02996693838a2f8bd0
                                                                                                                                                • Instruction Fuzzy Hash: 4A018B22E0978386EE70AF52A64106A62A0EFA8BC0B484071DB5D87B85EE2CE4809340
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • free.LIBCMT ref: 00007FF6976902A6
                                                                                                                                                  • Part of subcall function 00007FF69768C0C0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69768C162), ref: 00007FF69768C0D8
                                                                                                                                                • free.LIBCMT ref: 00007FF6976902F8
                                                                                                                                                  • Part of subcall function 00007FF69768E314: HeapFree.KERNEL32(?,?,00000000,00007FF69769055C,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768E32A
                                                                                                                                                  • Part of subcall function 00007FF69768E314: _errno.LIBCMT ref: 00007FF69768E334
                                                                                                                                                  • Part of subcall function 00007FF69768E314: GetLastError.KERNEL32(?,?,00000000,00007FF69769055C,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768E33C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: free$CurrentErrorFreeHeapLastProcess_errno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3424231777-0
                                                                                                                                                • Opcode ID: 919c352f93d7e12ceeff53492b4a66b6fa39c05595bf4703ca4171d1f0e24b1d
                                                                                                                                                • Instruction ID: fa6bb95fc6a6a79376f3cad8b89fa6e787368e1a8013146f92491be3e513e99a
                                                                                                                                                • Opcode Fuzzy Hash: 919c352f93d7e12ceeff53492b4a66b6fa39c05595bf4703ca4171d1f0e24b1d
                                                                                                                                                • Instruction Fuzzy Hash: 1A316536A08A4381EF649F15A8512B923A4EFA5BC0F6841B6DE6C87795EF7CE450E300
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • malloc.LIBCMT ref: 00007FF69768AEAB
                                                                                                                                                  • Part of subcall function 00007FF697691184: _FF_MSGBANNER.LIBCMT ref: 00007FF6976911B4
                                                                                                                                                  • Part of subcall function 00007FF697691184: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF69768AEB0,?,?,00000000,00007FF69768E585,?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491), ref: 00007FF6976911D9
                                                                                                                                                  • Part of subcall function 00007FF697691184: _callnewh.LIBCMT ref: 00007FF6976911F2
                                                                                                                                                  • Part of subcall function 00007FF697691184: _errno.LIBCMT ref: 00007FF6976911FD
                                                                                                                                                  • Part of subcall function 00007FF697691184: _errno.LIBCMT ref: 00007FF697691208
                                                                                                                                                • Sleep.KERNEL32(?,?,00000000,00007FF69768E585,?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491,?,?,00000000,00007FF697690548), ref: 00007FF69768AEBE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno$AllocateHeapSleep_callnewhmalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3606348469-0
                                                                                                                                                • Opcode ID: c9354145a17a5f32fc41151d9e02bb5dbc7fadae0cec99e402935cc971035593
                                                                                                                                                • Instruction ID: 602bb6d8c014ae3bebf9668a0571f87037d350d83b033168b1362290946e9b7a
                                                                                                                                                • Opcode Fuzzy Hash: c9354145a17a5f32fc41151d9e02bb5dbc7fadae0cec99e402935cc971035593
                                                                                                                                                • Instruction Fuzzy Hash: 2F01F932614B8986EE609F06940006973A1FBD8FD0F580175EE6D47740EF3CF851D780
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • RtlEncodePointer.NTDLL(?,?,?,00007FF69768A77F,?,?,?,00007FF69768A5B0), ref: 00007FF697690CD1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2118026453-0
                                                                                                                                                • Opcode ID: 5733df841f9bf30cc15ed05bea90cba109e432d79c459d623e3a59b01b312717
                                                                                                                                                • Instruction ID: 4daadaf642cfb1d86fd9fb1059801309af6e3eafe3e3befad7500e4a9051932e
                                                                                                                                                • Opcode Fuzzy Hash: 5733df841f9bf30cc15ed05bea90cba109e432d79c459d623e3a59b01b312717
                                                                                                                                                • Instruction Fuzzy Hash: 13D05E32B58E42D2EF618B11F58127863A0FB98BD4F588071DA6D46758DE3CC8D9C704
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • Sleep.KERNEL32(?,?,00000000,00007FF697690523,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768AF45
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Sleep_errno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1068366078-0
                                                                                                                                                • Opcode ID: c9e4a5acadd13c4e2dd1f84ce208ee271624fa232cbad97947f2fc3aa18bbc0b
                                                                                                                                                • Instruction ID: 05256624bfb3ccfe08db68db2f34372a7ccfc28b1cd7f4772e22bfd113c55537
                                                                                                                                                • Opcode Fuzzy Hash: c9e4a5acadd13c4e2dd1f84ce208ee271624fa232cbad97947f2fc3aa18bbc0b
                                                                                                                                                • Instruction Fuzzy Hash: A801D132A24B858AEE649F169801069B7A5FBD8FD0B481176EE6D43B90DF3CE852C700
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Non-executed Functions

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
• String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
• API String ID: 2183313154-4022980321
• Opcode ID: b2b6d3fd1844aa9a2b4110a9fbfff80b50738361aa8b93c70a8fac5b9b47c4a8
• Instruction ID: 58a490ba94165f3ac715696d40e6128e5cb8098f5b603d25a130f93fc5864b4c
• Opcode Fuzzy Hash: b2b6d3fd1844aa9a2b4110a9fbfff80b50738361aa8b93c70a8fac5b9b47c4a8
• Instruction Fuzzy Hash: D351C031B1868282EF74DB25A8157FA62A4EF9A7C4F5401B6EE7DC3A85DF3CE105D200
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
• String ID:
• API String ID: 3778485334-0
• Opcode ID: 9d82bf5d351ed8ca9f04b91f331032513dffe6bf735954c8d6f8faddd7f0500b
• Instruction ID: f835c025b8ee9fb218687db8589d7dff2a79d6e588e0b2c087348d0a7ad7b9fe
• Opcode Fuzzy Hash: 9d82bf5d351ed8ca9f04b91f331032513dffe6bf735954c8d6f8faddd7f0500b
• Instruction Fuzzy Hash: DA311935919B46C5EF609B50F880369B3A0FB997D0F5000BADAAD837A5EF7CE444E740
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
• Opcode ID: d680cdb66cb2873576b8555f3def3de59f08e11caafc9dd8a5efb4c52c37d403
• Instruction ID: abe4bdb48c726f8a3db7ce1198da3e582a9a36a69d8eb301989411b88f499f52
• Opcode Fuzzy Hash: d680cdb66cb2873576b8555f3def3de59f08e11caafc9dd8a5efb4c52c37d403
• Instruction Fuzzy Hash: 2D315F32608B8286EF70CF25E8407AE73A4FB95794F500275EAAD83B95DF38D549DB40
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: free$ErrorFreeHeapLast_errno
• String ID:
• API String ID: 1012874770-0
• Opcode ID: 0c66bc2e7fb6885d9f4da974c2dcd87f12f48d00c2e8f31fd38ef849243fe096
• Instruction ID: 782e7fda737b95150455a9d317c64bf1fa0fd5112267a763bc12069a22a6f1f7
• Opcode Fuzzy Hash: 0c66bc2e7fb6885d9f4da974c2dcd87f12f48d00c2e8f31fd38ef849243fe096
• Instruction Fuzzy Hash: 86A16332A19586C2EE61EBB1C8952FC1320EF86F84F044176FAAD8B5A7CE14DC45D362
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
• String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
• API String ID: 2643518689-564504941
• Opcode ID: 1b60599b47b6f2fcc2b612a8073123bdd8ff8bf8d69625b38e21e9bf14989da9
• Instruction ID: 198e99734e8a55b8e363e7a553c1fc59b0d09174236c8cf964cd8cc123c5528e
• Opcode Fuzzy Hash: 1b60599b47b6f2fcc2b612a8073123bdd8ff8bf8d69625b38e21e9bf14989da9
• Instruction Fuzzy Hash: 24510934A0AB0391FE759B56BC5413823A0EF69FD0F4510B9CC2EC77A1EE3CA849A351
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: free$ErrorFreeHeapLast__free_lconv_mon__free_lconv_num_errno
• String ID:
• API String ID: 518839503-0
• Opcode ID: afbe466903b1bad4d705fb13c7027db65052f1568c9cdbd5fab09c6af889c9bd
• Instruction ID: 086caef5b3d43e9de20a0e43fec89225d171344ef47e8a64b4a469eb729d6eaf
• Opcode Fuzzy Hash: afbe466903b1bad4d705fb13c7027db65052f1568c9cdbd5fab09c6af889c9bd
• Instruction Fuzzy Hash: BC411032A0958685EFB9DF61C4503FC23A0EF94FD4F1800B5DA6D8B295DF6CA891E311
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$Heap$ErrorFileLastProcess__doserrno$AllocFreePointer
• String ID:
• API String ID: 3112900366-0
• Opcode ID: 8fa5c975ca1302a5621f48dab1f57444fa0cfd130c2beb9aa4edf79659a3bef6
• Instruction ID: 8cd28b7fe62e4dc7cfeffcf674d996efbf65bd7749f0f2b23d1114dbfb59328f
• Opcode Fuzzy Hash: 8fa5c975ca1302a5621f48dab1f57444fa0cfd130c2beb9aa4edf79659a3bef6
• Instruction Fuzzy Hash: F041C432B0865245EE396B2598001BE3691EF55FF4F1447B0EE7D877D6DE3CE406A600
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocateHeap_callnewh
• String ID:
• API String ID: 1390791636-0
• Opcode ID: 11be6be9f369e93f683f6a8170eaf3fd29ff5d98fc1515839b7da019f3569823
• Instruction ID: 1c704b6a57643b5308b83394124edfdf62ecfd1bc95c93c0322e3a8ceeeb826d
• Opcode Fuzzy Hash: 11be6be9f369e93f683f6a8170eaf3fd29ff5d98fc1515839b7da019f3569823
• Instruction Fuzzy Hash: 88819232B0878286EF348F26944026976A5FB55BE4F54427AEA7DC7BD4EF3CD8009300
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
• Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
• Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
• Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
• String ID:
• API String ID: 2295021086-0
• Opcode ID: 566035e36478186dd9b37d364e25fd0c6083275eb929e70b6505bb55b334f3a2
• Instruction ID: 1231aea19e51abecc575ad909b5fcf439b87a92b26a26f618711b96bad7d84b6
• Opcode Fuzzy Hash: 566035e36478186dd9b37d364e25fd0c6083275eb929e70b6505bb55b334f3a2
• Instruction Fuzzy Hash: A3516232F097429EFF799B60C4813FC26A0EF61BE4F5441B0DA6D86AD5DF2CA441A701
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
                                                                                                                                                • String ID: ;,$;,$;,$;,
                                                                                                                                                • API String ID: 27599310-848503248
                                                                                                                                                • Opcode ID: 8f543041265930e3a5cc53c945aa37d58d1b047566755cc9ac1f792daf5a0a99
                                                                                                                                                • Instruction ID: 1c6c354d36e1377325b8335dfdf6b312cf4bd7fb64ed2d226f9e34548805f086
                                                                                                                                                • Opcode Fuzzy Hash: 8f543041265930e3a5cc53c945aa37d58d1b047566755cc9ac1f792daf5a0a99
                                                                                                                                                • Instruction Fuzzy Hash: A7519F32E0C64386FE758B24A44027E66A1EFA57C4F2491B5DA7EC2A95DF3CFC41E241
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: wprintf$_getwch$fflush
                                                                                                                                                • String ID: Enter password: $Re-
                                                                                                                                                • API String ID: 639105918-153011214
                                                                                                                                                • Opcode ID: 316d47cdd9c8665c01b12bba5576ed5c28c83b10aaa8f5201f46697b4bd26d3b
                                                                                                                                                • Instruction ID: 51ffa1021bfc46a36866d2fc6086b654fb8be063d694104b58c5885dfb04d064
                                                                                                                                                • Opcode Fuzzy Hash: 316d47cdd9c8665c01b12bba5576ed5c28c83b10aaa8f5201f46697b4bd26d3b
                                                                                                                                                • Instruction Fuzzy Hash: EF41B531A1869681EE309719DA113B92691FB467D4F9402B1EEBEC33D7DE3CE442E704
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • _FF_MSGBANNER.LIBCMT ref: 00007FF69768E54B
                                                                                                                                                  • Part of subcall function 00007FF69768FFC0: _set_error_mode.LIBCMT ref: 00007FF69768FFC9
                                                                                                                                                  • Part of subcall function 00007FF69768FFC0: _set_error_mode.LIBCMT ref: 00007FF69768FFD8
                                                                                                                                                  • Part of subcall function 00007FF69768FD60: _set_error_mode.LIBCMT ref: 00007FF69768FDA5
                                                                                                                                                  • Part of subcall function 00007FF69768FD60: _set_error_mode.LIBCMT ref: 00007FF69768FDB6
                                                                                                                                                  • Part of subcall function 00007FF69768FD60: GetModuleFileNameW.KERNEL32 ref: 00007FF69768FE18
                                                                                                                                                  • Part of subcall function 00007FF69768A668: ExitProcess.KERNEL32 ref: 00007FF69768A677
                                                                                                                                                  • Part of subcall function 00007FF69768AE80: malloc.LIBCMT ref: 00007FF69768AEAB
                                                                                                                                                  • Part of subcall function 00007FF69768AE80: Sleep.KERNEL32(?,?,00000000,00007FF69768E585,?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491,?,?,00000000,00007FF697690548), ref: 00007FF69768AEBE
                                                                                                                                                • _errno.LIBCMT ref: 00007FF69768E58D
                                                                                                                                                • _lock.LIBCMT ref: 00007FF69768E5A1
                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491,?,?,00000000,00007FF697690548,?,?,00000060,00007FF69768C1D5), ref: 00007FF69768E5B7
                                                                                                                                                • free.LIBCMT ref: 00007FF69768E5C4
                                                                                                                                                • _errno.LIBCMT ref: 00007FF69768E5C9
                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491,?,?,00000000,00007FF697690548,?,?,00000060,00007FF69768C1D5), ref: 00007FF69768E5EC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 113790786-0
                                                                                                                                                • Opcode ID: 2d1ef2fde54ebfedcf42dc4894739ded5dea42c6a09302ca36246490a2853921
                                                                                                                                                • Instruction ID: c1078e790b6317256490f31f88c5c3dbf910ba6bb09f2afcf7900c671fc0c81d
                                                                                                                                                • Opcode Fuzzy Hash: 2d1ef2fde54ebfedcf42dc4894739ded5dea42c6a09302ca36246490a2853921
                                                                                                                                                • Instruction Fuzzy Hash: 88214C35E0964282FE70AB10E4153F96264EF42BC0F4451B5E6AED66D2DF3CE840A712
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                • Opcode ID: a12748f3224555f0109c8e8443556a5b406f29b52e68776097e169668b520645
                                                                                                                                                • Instruction ID: 4801c817eb5d6c4ea9b63a1ac9e78a7022cd5586571ba781b7beb08e2cdde1ed
                                                                                                                                                • Opcode Fuzzy Hash: a12748f3224555f0109c8e8443556a5b406f29b52e68776097e169668b520645
                                                                                                                                                • Instruction Fuzzy Hash: B721C172A1854241EE2A6B1598912BD2560DF56BF1F1903F4EA3DC63C2CF3CA441A710
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno$BuffersErrorFileFlushLast__doserrno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1845094721-0
                                                                                                                                                • Opcode ID: f42d8c3413bafc89c2e94a35f9fce746286aaf44ae2381123df08c8b06903874
                                                                                                                                                • Instruction ID: 10b7c9b07aea1b480e59417be6949b597506f2e66f5ecd8953773c32baa40786
                                                                                                                                                • Opcode Fuzzy Hash: f42d8c3413bafc89c2e94a35f9fce746286aaf44ae2381123df08c8b06903874
                                                                                                                                                • Instruction Fuzzy Hash: 06219231E0864345EE325FA598A42FD2661DF42BD0F1901B4E67D862D2CF6CA881E714
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • _getptd.LIBCMT ref: 00007FF697691C43
                                                                                                                                                  • Part of subcall function 00007FF697690574: _amsg_exit.LIBCMT ref: 00007FF69769058A
                                                                                                                                                  • Part of subcall function 00007FF697691860: _getptd.LIBCMT ref: 00007FF69769186A
                                                                                                                                                  • Part of subcall function 00007FF697691860: _amsg_exit.LIBCMT ref: 00007FF697691907
                                                                                                                                                  • Part of subcall function 00007FF69769191C: GetOEMCP.KERNEL32 ref: 00007FF697691946
                                                                                                                                                  • Part of subcall function 00007FF69768AE80: malloc.LIBCMT ref: 00007FF69768AEAB
                                                                                                                                                  • Part of subcall function 00007FF69768AE80: Sleep.KERNEL32(?,?,00000000,00007FF69768E585,?,?,00000040,00007FF69768E62F,?,?,00000000,00007FF697690491,?,?,00000000,00007FF697690548), ref: 00007FF69768AEBE
                                                                                                                                                • free.LIBCMT ref: 00007FF697691CCE
                                                                                                                                                  • Part of subcall function 00007FF69768E314: HeapFree.KERNEL32(?,?,00000000,00007FF69769055C,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768E32A
                                                                                                                                                  • Part of subcall function 00007FF69768E314: _errno.LIBCMT ref: 00007FF69768E334
                                                                                                                                                  • Part of subcall function 00007FF69768E314: GetLastError.KERNEL32(?,?,00000000,00007FF69769055C,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768E33C
                                                                                                                                                • _lock.LIBCMT ref: 00007FF697691CFE
                                                                                                                                                • free.LIBCMT ref: 00007FF697691DA1
                                                                                                                                                • free.LIBCMT ref: 00007FF697691DCD
                                                                                                                                                • _errno.LIBCMT ref: 00007FF697691DD2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3894533514-0
                                                                                                                                                • Opcode ID: 9fac4b628bf90c6cc894e34464ee3d8af706cad85a3ec321a2f95b6b747c8ec0
                                                                                                                                                • Instruction ID: 4ff3dd0ac7fd2b9800ffb38b6ccf74a81cb3d066946f56b3a55a9b0da385be64
                                                                                                                                                • Opcode Fuzzy Hash: 9fac4b628bf90c6cc894e34464ee3d8af706cad85a3ec321a2f95b6b747c8ec0
                                                                                                                                                • Instruction Fuzzy Hash: 5251C276A0864286EF789B21D4402B976A1FFA1BD4F2441B6DA7EC7396CF3CE405E700
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetLastError.KERNEL32(?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF6976904FA
                                                                                                                                                • FlsGetValue.KERNEL32(?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF697690508
                                                                                                                                                • SetLastError.KERNEL32(?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF697690560
                                                                                                                                                  • Part of subcall function 00007FF69768AF00: Sleep.KERNEL32(?,?,00000000,00007FF697690523,?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF69768AF45
                                                                                                                                                • FlsSetValue.KERNEL32(?,?,00000060,00007FF69768C1D5,?,?,?,?,00007FF697689BE6), ref: 00007FF697690534
                                                                                                                                                • free.LIBCMT ref: 00007FF697690557
                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00007FF697690548
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3106088686-0
                                                                                                                                                • Opcode ID: 3bcabad23f4079c9271230c6d7d8097488f8e0719cd1c741459f8bc2f7f33a94
                                                                                                                                                • Instruction ID: 7c467022fefd99e20408403d23b7913384da8d1121291e9d71a999a396652b31
                                                                                                                                                • Opcode Fuzzy Hash: 3bcabad23f4079c9271230c6d7d8097488f8e0719cd1c741459f8bc2f7f33a94
                                                                                                                                                • Instruction Fuzzy Hash: 08017135A08743D3FF659B69A4550382291EF58BE0B4882B4D93EC23D5EE3CE444E210
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: fwprintf
                                                                                                                                                • String ID: %s: illegal option -- %c$%s: option requires an argument -- %c$vhdep:o:
                                                                                                                                                • API String ID: 968622242-129695684
                                                                                                                                                • Opcode ID: d38e01b72fa250cba9d00fe88fd717ba0fd9e1bc252ca4bb4f909f3b139bc0e1
                                                                                                                                                • Instruction ID: c128bfaa71890d048457e7ab40f05b212bce63cc22de3d0c76d82f1bdfdd3035
                                                                                                                                                • Opcode Fuzzy Hash: d38e01b72fa250cba9d00fe88fd717ba0fd9e1bc252ca4bb4f909f3b139bc0e1
                                                                                                                                                • Instruction Fuzzy Hash: 82414D71E18A0285EF349F15E4802B823B2EFA5BC4F4581B6DA2DC72A5DF7CE841A740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: fwprintf
                                                                                                                                                • String ID: %s version %s (%s)$3.10$April 16, 2015$aescrypt
                                                                                                                                                • API String ID: 968622242-1689261965
                                                                                                                                                • Opcode ID: 6bea94347dba1452cf1a0993a8da4e45dc40ae7915ad74c7f292145320ccaee8
                                                                                                                                                • Instruction ID: 0b5d917e0fb00c435af21ed5292a95f0fef8f751a15fa0fb46219013d5b663e2
                                                                                                                                                • Opcode Fuzzy Hash: 6bea94347dba1452cf1a0993a8da4e45dc40ae7915ad74c7f292145320ccaee8
                                                                                                                                                • Instruction Fuzzy Hash: 9F013175E1930BD1EF306B50E4551F563B0EF627C0F8884B2C63E866D1EEBCA685A241
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3451527041-0
                                                                                                                                                • Opcode ID: 8e708ab45b179a98bcd60c1698d711b8e8d2c9dd02b78884525adedc86402b9f
                                                                                                                                                • Instruction ID: 3d30fff2b05a64b8003c4ca0ef866f9a1e2ade9398fb1aa0ef0a095d9da352f6
                                                                                                                                                • Opcode Fuzzy Hash: 8e708ab45b179a98bcd60c1698d711b8e8d2c9dd02b78884525adedc86402b9f
                                                                                                                                                • Instruction Fuzzy Hash: 5A51D172A0864286EF208B24D4403B966A0FB95BE8F4452F5DABE863D5EF7CE855D700
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$StringTypefreemalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 307345228-0
                                                                                                                                                • Opcode ID: 1ae47fa2b74ae960bf7b266387c26869b3ec2c29c50c0ff91ef57fd4c3cfd6f4
                                                                                                                                                • Instruction ID: 896f4124f068bd36ad4ba52d8e6a49c2e2e1adcd1f39bb81ff2310decbf500a4
                                                                                                                                                • Opcode Fuzzy Hash: 1ae47fa2b74ae960bf7b266387c26869b3ec2c29c50c0ff91ef57fd4c3cfd6f4
                                                                                                                                                • Instruction Fuzzy Hash: 52413D32A0468296EF219F2698005A97395FF65BE8F58427AEE3D877D9DE38E4019300
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_ftbuf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2784728999-0
                                                                                                                                                • Opcode ID: ad868f1876aaf54274916ed795feb26fbbd98b085143bf8b65d46564722a6239
                                                                                                                                                • Instruction ID: 95684c6e7cd2ffa75f65564468e858dbc0d37a0a134842d5e682e576a75755f3
                                                                                                                                                • Opcode Fuzzy Hash: ad868f1876aaf54274916ed795feb26fbbd98b085143bf8b65d46564722a6239
                                                                                                                                                • Instruction Fuzzy Hash: 6D31F272A0870202EE79972598912FD2291EF57BE0F6456B1EE3DC62D1CF2CE841E600
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2,?,?,?,00007FF69768A5B0), ref: 00007FF697690BBD
                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2,?,?,?,00007FF69768A5B0), ref: 00007FF697690BCD
                                                                                                                                                  • Part of subcall function 00007FF6976935E0: _errno.LIBCMT ref: 00007FF6976935E9
                                                                                                                                                  • Part of subcall function 00007FF6976935E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6976935F4
                                                                                                                                                • EncodePointer.KERNEL32(?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2,?,?,?,00007FF69768A5B0), ref: 00007FF697690C4B
                                                                                                                                                  • Part of subcall function 00007FF69768AF84: realloc.LIBCMT ref: 00007FF69768AFAF
                                                                                                                                                  • Part of subcall function 00007FF69768AF84: Sleep.KERNEL32(?,?,00000000,00007FF697690C3B,?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2), ref: 00007FF69768AFCB
                                                                                                                                                • EncodePointer.KERNEL32(?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2,?,?,?,00007FF69768A5B0), ref: 00007FF697690C5B
                                                                                                                                                • EncodePointer.KERNEL32(?,?,?,00007FF697690CA9,?,?,?,?,00007FF69768A7A2,?,?,?,00007FF69768A5B0), ref: 00007FF697690C68
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp Download File
                                                                                                                                                • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp Download File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinforealloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1909145217-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                • String ID: A$Z
                                                                                                                                                • API String ID: 2959964966-4098844585
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                • String ID: A$Z
                                                                                                                                                • API String ID: 3686281101-4098844585
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FF69768A675,?,?,00000028,00007FF6976911CD,?,?,00000000,00007FF69768AEB0,?,?,00000000,00007FF69768E585), ref: 00007FF69768A63B
                                                                                                                                                • GetProcAddress.KERNEL32(?,?,000000FF,00007FF69768A675,?,?,00000028,00007FF6976911CD,?,?,00000000,00007FF69768AEB0,?,?,00000000,00007FF69768E585), ref: 00007FF69768A650
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                • API String ID: 1646373207-1276376045
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _errno$_getbuf_invalid_parameter_noinfo_isatty
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3655708593-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000024.00000002.388086380.00007FF697681000.00000020.00020000.sdmp, Offset: 00007FF697680000, based on PE: true
                                                                                                                                                 • Associated: 00000024.00000002.388065280.00007FF697680000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388115021.00007FF697695000.00000002.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388135116.00007FF69769A000.00000004.00020000.sdmp
                                                                                                                                                 • Associated: 00000024.00000002.388162054.00007FF6976A2000.00000002.00020000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_36_2_7ff697680000_aes_x64.jbxd
Yara matches
Similarity
• API ID: CriticalSection$CountEnterInitializeSpin_amsg_exit_lockfree
• String ID:
• API String ID: 3786353176-0
• Opcode ID: ebdfc22b25f2f5a8880d524cd0444043a57087bddbfa82e0597896c189cfdc12
• Instruction ID: 72473bf4e2f686479a66b0c9f887471b0d23d7efc0e0744d99c33d82c9285de3
• Opcode Fuzzy Hash: ebdfc22b25f2f5a8880d524cd0444043a57087bddbfa82e0597896c189cfdc12
• Instruction Fuzzy Hash: 4D418032A18A4682EF208B25D5843B87361FF66FC4F144675CAAE873E5DF2CE801E344
Uniqueness
Uniqueness Score: -1.00%

APIs
Yara matches
Similarity
• API ID: _amsg_exit$_getptd_lockfree
• String ID:
• API String ID: 2148533958-0
• Opcode ID: c508ad0cd615e05640d9338cf0dca328dd1022c8bf87a7fa6993910036ca0970
• Instruction ID: afe7d44e773f75523177cfd00c818963eeb795914741c2c193f58a27c30ce16f
• Opcode Fuzzy Hash: c508ad0cd615e05640d9338cf0dca328dd1022c8bf87a7fa6993910036ca0970
• Instruction Fuzzy Hash: 0D114C76A0D64282EEA89B51E5413B973A1FBA4BC0F1800B6EE6D83395DF2CE450F741
Uniqueness
Uniqueness Score: -1.00%

APIs
Yara matches
Similarity
• API ID: CriticalDeleteSection_amsg_exit_lockfclosefree
• String ID:
• API String ID: 594724896-0
• Opcode ID: 45cb9dd5733144bb85f733cb220613c2383cf725c8d0bf54250945974cfdd33f
• Instruction ID: 8a23b247b02148166783642e3fc9d934756d309dd4fee4c94141dbe18d37d863
• Opcode Fuzzy Hash: 45cb9dd5733144bb85f733cb220613c2383cf725c8d0bf54250945974cfdd33f
• Instruction Fuzzy Hash: A5115135908A4282EE209B19E4843BC7760FB92FC4F144275DAAED32B5CF3DEC41D604
Uniqueness
Uniqueness Score: -1.00%

APIs
Yara matches
Similarity
• API ID: _amsg_exit_getptd$_lock
• String ID:
• API String ID: 3670291111-0
• Opcode ID: 80f0dad736781ac731d672acec243250c0765e746191206ca567636be8096a81
• Instruction ID: 3dce5b591332cce096f5b1d74653232d1afc2e2d91d0fc46224e3b1499d62f6c
• Opcode Fuzzy Hash: 80f0dad736781ac731d672acec243250c0765e746191206ca567636be8096a81
• Instruction Fuzzy Hash: 2DF0F931F09142D5FE79AB5188417F82261EFA5BC4F0842B4DB6C873D2DE2CA864F711
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Yara matches
Similarity
• API ID: FileModuleName_wcwild
• String ID: C:\Users\user\AppData\Local\Temp\aes_x64.exe
• API String ID: 3323776934-4021023222
• Opcode ID: 6bd8d6e7bad2f501a54204c0fbdf73bde0db0993f076b6fa9848faa7d6e3352f
• Instruction ID: d49e61af148c5e6e97296dfbebbc9b89089c340be7f6618e945a53aa62aae544
• Opcode Fuzzy Hash: 6bd8d6e7bad2f501a54204c0fbdf73bde0db0993f076b6fa9848faa7d6e3352f
• Instruction Fuzzy Hash: 7C21A132A2974781EE308B65A4440AAA390FF997F0F440776EA7D87BD4EE7CE0449B04
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Yara matches
Similarity
• API ID: Stringwcsnlen
• String ID: UTF-8
• API String ID: 1747122221-243350608
• Opcode ID: a339f4ad7e84e27e57b0a66e3852421559cfd4e7fd8628abe59421ee9f693860
• Instruction ID: 307585d15ca0b15b63c8e4323d954e90cb3c5c87de32168cf0915027b731a8ca
• Opcode Fuzzy Hash: a339f4ad7e84e27e57b0a66e3852421559cfd4e7fd8628abe59421ee9f693860
• Instruction Fuzzy Hash: 85F08276B08B8182DB208B06B44046BEBA5FBA9BD4F588134EF9C97F19CF3CD4518B40
Uniqueness
Uniqueness Score: -1.00%