
Windows Analysis Report
BLAoQPacf8.exe

Overview

General Information

Sample Name:BLAoQPacf8.exe
Analysis ID:696535
MD5:358e055b5c145bcce4d12806fff67639
SHA1:299d6679158b7a705b5e9043aea08703570f8daa
SHA256:48d531158fd3462c5760296fb78d808f103d7a619ee5a8e6200163d7aaf78de0
Tags:116-203-105-117exe

Detection

Clipboard Hijacker, ManusCrypt, Nymaim, PrivateLoader, Raccoon Stealer v2, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Yara detected Clipboard Hijacker
Yara detected Raccoon Stealer v2
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Nymaim
Yara detected ManusCrypt
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected PrivateLoader
Disable Windows Defender real time protection (registry)
Overwrites code with unconditional jumps - possibly setting hooks in a foreign process
Tries to detect sandboxes and other dynamic analysis tools (window names)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Creates processes via WMI
Machine Learning detection for sample
Drops PE files to the document folder of the user
Allocates memory in foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to evade analysis by executing special instructions (VM detection)
Tries to detect virtualization through RDTSC time measurements
Creates a thread in another existing process (thread injection)
Modifies Group Policy settings
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains section with special chars
Hides threads from debuggers
Detected VMProtect packer
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Creates HTML files with .exe extension (expired dropper behavior)
Yara detected Generic Downloader
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Disables Windows Defender (deletes autostart)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Sets debug register (to hijack the execution of another thread)
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
PE file contains more sections than normal
Launches processes in debugging mode, may be used to hinder debugging
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
PE file contains sections with non-standard names
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Entry point lies outside standard sections
Enables debug privileges
Is looking for software installed on the system
Sample file is different than original file name gathered from version info
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
PE file contains an invalid checksum
Allocates memory with a write watch (potentially for evading sandboxes)
File is packed with WinRar
Contains capabilities to detect virtual machines
Uses taskkill to terminate processes
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries disk information (often used to detect virtual machines)

Classification

  • System is w10x64
  • BLAoQPacf8.exe (PID: 6764 cmdline: "C:\Users\user\Desktop\BLAoQPacf8.exe" MD5: 358E055B5C145BCCE4D12806FFF67639)
    • tCcv8lF4UYTMplGGrWDw5cWW.exe (PID: 6420 cmdline: "C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe" MD5: 106078BB0964B75800DA2013419239D9)
    • c7rWZ6AD59zgrdOhi2rzdfQY.exe (PID: 6404 cmdline: "C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe" MD5: 9519C85C644869F182927D93E8E25A33)
    • tATOZ_TcqCv6HE8KoljJlz43.exe (PID: 6408 cmdline: "C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe" MD5: 47D8824241636F9895D127858B55401F)
      • regsvr32.exe (PID: 5284 cmdline: "C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S MD5: 426E7499F6A7346F0410DEAD0805586B)
    • ya8r1xvulFithxJ9UL7uu94j.exe (PID: 6424 cmdline: "C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe" MD5: 77D8DF4427C8B1A28C8D2591A9C92A70)
    • 0SEWW7Fboj9D5RnPnbU1p9yZ.exe (PID: 6376 cmdline: "C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe" MD5: 76000A1A15850FCAA06877E21F7EB348)
      • conhost.exe (PID: 6624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • N2ANCtOGK6Q7WT1u6BEuU3DI.exe (PID: 6496 cmdline: "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe" MD5: D33F5C381C8A2DC544C313355BA4EB64)
      • is-SL6OH.tmp (PID: 524 cmdline: "C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp" /SL4 $20358 "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe" 2324125 52736 MD5: FEC7BFF4C36A4303ADE51E3ED704E708)
        • ccsearcher.exe (PID: 4528 cmdline: "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" MD5: 0545F55B7F65691C450919EE98E9C6B8)
          • cmd.exe (PID: 6384 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • taskkill.exe (PID: 7032 cmdline: taskkill /im "ccsearcher.exe" /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • 4Luq2Awo847C90gLhrh33Vce.exe (PID: 6488 cmdline: "C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe" MD5: 469B0C97D2AA9A03581536D485BC8864)
    • Mvid01XiHg4mGe4qVGe0NVxb.exe (PID: 6492 cmdline: "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" MD5: 2EF8DA551CF5AB2AB6E3514321791EAB)
      • conhost.exe (PID: 6512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Mvid01XiHg4mGe4qVGe0NVxb.exe (PID: 5020 cmdline: "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" -h MD5: 2EF8DA551CF5AB2AB6E3514321791EAB)
        • conhost.exe (PID: 484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • 38em7CPwWyzLEPAoMPchCiaK.exe (PID: 6348 cmdline: "C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe" MD5: 83FD77104C17653424A3D3894DBE8793)
      • dIo5PnRp.exe (PID: 6888 cmdline: "C:\Users\user\AppData\Roaming\dIo5PnRp.exe" MD5: A0CCE836755A2B064842089D16EA5561)
        • schtasks.exe (PID: 3396 cmdline: /C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe" MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 3480 cmdline: /C /Query /XML /TN "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 5284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • 6Z9UYZuB.exe (PID: 6532 cmdline: "C:\Users\user\AppData\Roaming\6Z9UYZuB.exe" MD5: 96EC3EFA9BD454550B615DF142B08295)
  • svchost.exe (PID: 6836 cmdline: c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6844 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6056 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s wisvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5468 cmdline: C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • WmiPrvSE.exe (PID: 160 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: A782A4ED336750D10B3CAF776AFE8E70)
    • rundll32.exe (PID: 5912 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open MD5: 73C519F050C20580F8A62C849D49215A)
      • rundll32.exe (PID: 5400 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • svchost.exe (PID: 4908 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo MD5: 32569E403279B3FD2EDB7EBD036273FA)
          • svchost.exe (PID: 60 cmdline: C:\Windows\system32\svchost.exe -k WspService MD5: 32569E403279B3FD2EDB7EBD036273FA)
        • svchost.exe (PID: 1020 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
        • svchost.exe (PID: 1740 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT MD5: 32569E403279B3FD2EDB7EBD036273FA)
        • svchost.exe (PID: 2288 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
        • svchost.exe (PID: 2172 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6784 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 400 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup
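The process tree above carries most of the report's persistence and evasion evidence in plain command lines: a scheduled task named after the legitimate "Shell Infrastructure Host" whose action is an sihost.exe under AppData\Roaming, a cmd.exe that kills and erases its own parent (ccsearcher.exe), regsvr32.exe /U on a module with a made-up extension (.S5p), and rundll32.exe loading db.dll from %TEMP%. The script below is an added example, not Joe Sandbox code and not part of the sample: it encodes those four patterns as rules and runs them over a constructed subset of the tree (PIDs, names and command lines copied from the report; the rule names and the SYSTEM_BINARY_NAMES list are my own choices; the schtasks.exe entry has no image path in the report, so only its name is kept).

```python
"""Triage a sandbox process tree for the persistence and evasion patterns
this report flags: scheduled task from a user-writable path, self-deletion
through cmd.exe, regsvr32 /U on a non-DLL, rundll32 loading from %TEMP%."""
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of the report's process tree as
# (pid, parent pid, image name, command line). Values are taken from the report.
SAMPLE_TREE = [
    (6764, 0,    "BLAoQPacf8.exe", r'"C:\Users\user\Desktop\BLAoQPacf8.exe"'),
    (6408, 6764, "tATOZ_TcqCv6HE8KoljJlz43.exe", r'"C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe"'),
    (5284, 6408, "regsvr32.exe", r'"C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S'),
    (4528, 524,  "ccsearcher.exe", r'"C:\Program Files (x86)\ccSearcher\ccsearcher.exe"'),
    (6384, 4528, "cmd.exe", r'"C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit'),
    (6888, 6348, "dIo5PnRp.exe", r'"C:\Users\user\AppData\Roaming\dIo5PnRp.exe"'),
    (3396, 6888, "schtasks.exe", r'/C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"'),
    (5912, 160,  "rundll32.exe", r'rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open'),
]

# Names of Windows binaries that live under C:\Windows; the same name elsewhere is masquerading.
# (Assumed list for this example; extend it from your own allow-list.)
SYSTEM_BINARY_NAMES = {"sihost.exe", "svchost.exe", "dllhost.exe", "conhost.exe", "taskhostw.exe"}

Finding = Tuple[int, str, str]  # (pid, rule name, evidence)


def _arg_value(flag: str, cmd: str) -> Optional[str]:
    """Value following `flag` (a regex), honouring double quotes around paths with spaces."""
    m = re.search(flag + r'\s+(?:"([^"]+)"|(\S+))', cmd, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def _image_path(cmd: str) -> Optional[str]:
    """First quoted token of a command line, which is the image path in this report's format."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else None


def analyze(tree) -> List[Finding]:
    """Apply the four rules to every process; parent lookups use the pid map."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in tree}
    findings: List[Finding] = []
    for pid, ppid, image, cmd in tree:
        img = image.lower()
        if img == "schtasks.exe" and re.search(r"/create\b", cmd, re.IGNORECASE):
            target = _arg_value(r"/tr", cmd)
            if target:
                t = target.lower()
                if "\\users\\" in t:  # task action lives in a user profile
                    findings.append((pid, "schtasks_runs_from_user_profile", target))
                if ntpath.basename(t) in SYSTEM_BINARY_NAMES and not t.startswith("c:\\windows\\"):
                    findings.append((pid, "schtasks_target_masquerades_as_system_binary", target))
        elif img == "cmd.exe" and re.search(r"\btaskkill\b", cmd, re.IGNORECASE):
            # taskkill + erase of the parent's own image is the self-delete idiom
            erased = _arg_value(r"\b(?:erase|del)", cmd)
            parent = by_pid.get(ppid)
            parent_path = _image_path(parent[2]) if parent else None
            if erased and parent_path and erased.lower() == parent_path.lower():
                findings.append((pid, "parent_self_delete_via_cmd", erased))
        elif img == "regsvr32.exe" and re.search(r"\s/u\b", cmd, re.IGNORECASE):
            module = _arg_value(r"/u", cmd)
            if module and ntpath.splitext(module)[1].lower() not in {".dll", ".ocx", ".ax"}:
                findings.append((pid, "regsvr32_unregister_non_dll_extension", module))
        elif img == "rundll32.exe":
            m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,', cmd, re.IGNORECASE)
            if m and "\\appdata\\local\\temp\\" in m.group(1).lower():
                findings.append((pid, "rundll32_module_from_temp", m.group(1)))
    return findings


if __name__ == "__main__":
    for pid, rule, evidence in analyze(SAMPLE_TREE):
        print(f"PID {pid}: {rule}: {evidence}")
```

The rules key off the process image name plus the parent relationship rather than the file hashes, so they keep firing when the dropper names are randomised (as they are here under "Minor Policy") but the technique is unchanged; the self-delete rule in particular needs the parent's image path, which is why the tree is indexed by PID first.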
Clipboard Hijacker: {"Crypto Addresses": ["cosmos1ksj5v03v0pvxgkksrs4gspew60spn7a3wktrqg", "0xC4CBB4Ff4d5Da21070269eFaACc220999E9C693d", "E9uf7P4j1utBVM7V9UKTNNnsCPRnhEcBp3fgfMjQf3Yf", "TRcwoqvx6Rdqz1ZZUzUYA8jpUcV8BnLdjp", "RRAyk2z75RRU9MQhfAj76U4ug4e6X1VybC", "Ae2tdPwUPEZL6tQrdMisrmYdzhHcYhGLK2aHsdhr5YUaJFm5q4g5dgADwcX", "AaJsfMyGPGQagFTCqrVa7WXfHswghPdCae", "D8r46LkmifULxy8MixMaZ2BvPprT2X47YN", "MG9bLfi1Cu1KDJjHYuyzvcSRQHiSt74xdv", "bnb140d5c04yg2km3zjvh7rsu3xnamprexnv8l8f6t", "ltc1q8aq5ptdf4635lh2a0r7mu0dyz5azrarxs32nar", "rswyvyDjXx3Q8ANQkyuHrsJ8HYJcCtGhNZ", "t1VEPm2JU1ccmPDy47jUfWxeizyzYnJNwLm", "LQjXahh7GoSywKEdR4Cugze7F22Z6xv8dY", "XnMNM5L7FBBCMGNq4kioMB9HB8skEwNuq6", "addr1q9ekvmtqrmal6ruucr8erj527s0scz320tccdd90hetzn4tnvekkq8hml58eesx0j89g4aqlps9z57h3s662l0jk982s3vefz9", "16ss5xxtyagUnpqEM34of6D7AdUEXdauYj", "37r3F5aDPSdiK2kmtDq3QkzkbKgm5ZaxyR", "{H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}", "ronin:C4CBB4Ff4d5Da21070269eFaACc220999E9C693d", "46J1GfhQn1YYALeYMaTuZ9Emch1vTfbYWVwbdQme5P1MadoVTw9ebXMWFdFSfzp55mEbLQ3LVQQRZXhfp57UtGAPUNFQLtq", "86HsbgK3zNjX5hjM9373seb3WciQbXgo6h9rAgtzqcYdUo6VU81VLMY2nfUuC78dP97VmPvXA3sYARevbUgy2sZzCF1KJzW", "O742L4IHPSRMXHNNPKRMQKPQZZ525QIQXZWU472FFQHYQ4YXUDTVO5ZSIU", "bc1q6yxye4j78arw5cjmp89a0su4vdenam9a6fg6ut"]}
Nymaim: {"C2 addresses": ["208.67.104.97"]}
RedLine: {"C2 url": ["94.228.116.72:7597"], "Bot Id": "Fire7"}
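The extracted Clipboard Hijacker configuration is a list of attacker-controlled wallet strings, one per chain the hijacker will swap into the clipboard. Two things a practitioner wants before acting on such a list: which chains it actually covers (readable from the bech32 human-readable part or the Base58Check version byte), and which entries are extractor noise. One entry here, "{H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}", is not a wallet at all: it is the GUID-style suffix of the scheduled-task name in the dIo5PnRp.exe schtasks command line shown in the process tree. The script below is an added example of that triage (not Joe Sandbox's extractor and not the sample's code): it verifies bech32 and Base58Check checksums from the standard library only, classifies EVM hex addresses by shape (EIP-55 needs keccak-256, which hashlib lacks), and leaves the rest as unrecognised. The input list is a constructed subset of the report's addresses plus two known-good reference addresses (the BIP173 test vector and the Bitcoin genesis address) so the checksum code can be checked offline.

```python
"""Classify wallet strings from a clipboard-hijacker configuration by address
encoding, verifying checksums where the encoding carries one."""
import hashlib
from typing import Dict, Optional, Tuple

# Constructed input: a subset of the report's "Crypto Addresses" list plus one
# known-good reference address per checksummed encoding.
SAMPLE_ADDRESSES = [
    "bc1q6yxye4j78arw5cjmp89a0su4vdenam9a6fg6ut",
    "ltc1q8aq5ptdf4635lh2a0r7mu0dyz5azrarxs32nar",
    "cosmos1ksj5v03v0pvxgkksrs4gspew60spn7a3wktrqg",
    "16ss5xxtyagUnpqEM34of6D7AdUEXdauYj",
    "TRcwoqvx6Rdqz1ZZUzUYA8jpUcV8BnLdjp",
    "0xC4CBB4Ff4d5Da21070269eFaACc220999E9C693d",
    "{H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}",          # scheduled-task name, not a wallet
    "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",  # BIP173 test vector
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",          # Bitcoin genesis coinbase address
]

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def base58check_decode(s: str) -> Optional[bytes]:
    """Return version||payload if `s` is Base58Check with a valid double-SHA256 checksum."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * leading + body
    if len(raw) < 5:
        return None
    data, check = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != check:
        return None
    return data


def _bech32_polymod(values) -> int:
    """BCH checksum polynomial from BIP173."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_decode(addr: str) -> Optional[Tuple[str, bytes]]:
    """Return (hrp, 5-bit data) if `addr` has a valid bech32 (BIP173) checksum.
    The 90-character limit is deliberately not enforced so Cardano 'addr1' strings
    (which exceed it) can be checked with the same code."""
    if addr.lower() != addr and addr.upper() != addr:
        return None  # mixed case is invalid
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr):
        return None
    hrp, data_part = addr[:pos], addr[pos + 1:]
    if any(c not in BECH32_CHARSET for c in data_part):
        return None
    data = [BECH32_CHARSET.index(c) for c in data_part]
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if _bech32_polymod(hrp_expanded + data) != 1:
        return None
    return hrp, bytes(data[:-6])


def classify(addr: str) -> Tuple[str, str]:
    """(encoding, detail); detail is the hrp or version byte for verified encodings."""
    b32 = bech32_decode(addr)
    if b32:
        return "bech32", f"hrp={b32[0]}"
    b58 = base58check_decode(addr)
    if b58:
        return "base58check", f"version=0x{b58[0]:02x}"
    if addr.startswith("0x") and len(addr) == 42 and all(c in "0123456789abcdefABCDEF" for c in addr[2:]):
        return "evm-hex", "EIP-55 not checked (needs keccak-256, not in hashlib)"
    return "unrecognized", "no checksummed encoding matched; extractor noise or a scheme without a checksum"


def classify_all(addresses) -> Dict[str, Tuple[str, str]]:
    return {a: classify(a) for a in addresses}


if __name__ == "__main__":
    for addr, (enc, detail) in classify_all(SAMPLE_ADDRESSES).items():
        print(f"{enc:12} {detail:60} {addr}")
```

Chains whose addresses use a non-standard base58 (Ripple's alphabet, Monero's block encoding) or no checksum at all (Solana) land in "unrecognized" by design; the point is that anything which passes a checksum is a real, attacker-controlled address worth blocking, while the task GUID is safely filtered out.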
Source | Rule | Description | Author
C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
Source | Rule | Description | Author
0000000F.00000003.524714059.000000000112F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RaccoonV2 | Yara detected Raccoon Stealer v2 | Joe Security
0000000F.00000003.545294513.000000000112F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RaccoonV2 | Yara detected Raccoon Stealer v2 | Joe Security
0000000F.00000003.539746359.000000000112F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RaccoonV2 | Yara detected Raccoon Stealer v2 | Joe Security
0000000F.00000003.550907503.000000000112F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RaccoonV2 | Yara detected Raccoon Stealer v2 | Joe Security
0000000F.00000003.489630303.000000000112F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RaccoonV2 | Yara detected Raccoon Stealer v2 | Joe Security
(122 entries in this table; only the first five are listed here)
Source | Rule | Description | Author
29.2.ccsearcher.exe.1ba0000.1.unpack | JoeSecurity_Nymaim | Yara detected Nymaim | Joe Security
13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x257a2:$pat14: , CommandLine:
  • 0x1d3a3:$v2_1: ListOfProcesses
  • 0x1a27d:$v4_3: base64str
  • 0x1a25a:$v4_4: stringKey
  • 0x1a287:$v4_5: BytesToStringConverted
  • 0x1a272:$v4_6: FromBase64
  • 0x1d156:$v4_8: procName
  • 0x18dc3:$v5_1: DownloadAndExecuteUpdate
  • 0x18deb:$v5_2: ITaskProcessor
  • 0x18db1:$v5_3: CommandLineUpdate
  • 0x18ddc:$v5_4: DownloadUpdate
  • 0x18d25:$v5_5: FileScanning
  • 0x18fd7:$v5_7: RecordHeaderField
  • 0x18f01:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.3.BLAoQPacf8.exe.5d04820.34.raw.unpack | MALWARE_Win_DLInjector06 | Detects downloader / injector | ditekSHen
  • 0x5be30:$s1: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  • 0x5b958:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5b9c0:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba28:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5ba90:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5baf8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bb60:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bbc8:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc58:$s2: Content-Type: application/x-www-form-urlencoded
  • 0x5bc2c:$s3: https://ipinfo.io/
  • 0x5bcbc:$s4: https://db-ip.com/
  • 0x5bd18:$s5: https://www.maxmind.com/en/locate-my-ip-address
  • 0x5bce4:$s6: https://ipgeolocation.io/
  • 0x5be24:$s7: POST
(121 entries in this table; only the first five are listed here)
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://62.204.41.123/installer.exeC: | Avira URL Cloud: Label: malware
Source: https://cdn.discordapp.cf | Avira URL Cloud: Label: phishing
Source: http://62.204.41.123/installer.exen | Avira URL Cloud: Label: malware
Source: http://107.182.129.251/download/Service.exeivers | Avira URL Cloud: Label: malware
Source: http://62.204.41.123/installer.exe$ | Avira URL Cloud: Label: malware
Source: http://107.182.129.251/download/Service.exe | Avira URL Cloud: Label: malware
Source: http://62.204.41.123/installer.exe. | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | Avira: detection malicious, Label: HEUR/AGEN.1213251
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | Avira: detection malicious, Label: HEUR/AGEN.1213251
Source: BLAoQPacf8.exe | ReversingLabs: Detection: 67%
Source: BLAoQPacf8.exe | Virustotal: Detection: 60%
Source: BLAoQPacf8.exe | Metadefender: Detection: 50%
Source: https://smartectechnologies.com/12/TrdngAnr6339.exe | Virustotal: Detection: 18%
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | ReversingLabs: Detection: 96%
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | Metadefender: Detection: 40%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | ReversingLabs: Detection: 96%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\TrdngAnr6339[1].exe | ReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\yare1095[1].exe | ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | Metadefender: Detection: 40%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe | ReversingLabs: Detection: 96%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\installer[1].exe | Metadefender: Detection: 33%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\installer[1].exe | ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe | Metadefender: Detection: 40%
Source: C:\Users\user\AppData\Local\Temp\db.dll | ReversingLabs: Detection: 24%
Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe | ReversingLabs: Detection: 64%
Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | ReversingLabs: Detection: 42%
Source: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe | ReversingLabs: Detection: 20%
Source: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe | ReversingLabs: Detection: 96%
Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe | Metadefender: Detection: 27%
Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | ReversingLabs: Detection: 41%
Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | ReversingLabs: Detection: 35%
Source: C:\Users\user\Pictures\Minor Policy\J4v3YeVcg94eAVikz6hmRcrE.exe | ReversingLabs: Detection: 20%
Source: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe | Metadefender: Detection: 40%
Source: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | ReversingLabs: Detection: 96%
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | ReversingLabs: Detection: 57%
Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | ReversingLabs: Detection: 53%
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | Metadefender: Detection: 40%
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Metadefender: Detection: 33%
Source: BLAoQPacf8.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\setup331[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\installer[1].exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | Joe Sandbox ML: detected
Source: 33.0.svchost.exe.23ffe9b0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 40.0.svchost.exe.17739340000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 27.2.rundll32.exe.3120000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 40.2.svchost.exe.17739340000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 22.2.is-SL6OH.tmp.400000.0.unpack | Avira: Label: TR/Dropper.Gen
Source: 32.0.svchost.exe.2e4a1010000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 41.2.svchost.exe.14f76fb0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 33.2.svchost.exe.23ffe9b0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 28.0.svchost.exe.2493d930000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 12.3.N2ANCtOGK6Q7WT1u6BEuU3DI.exe.2084000.4.unpack | Avira: Label: TR/ATRAPS.Gen
Source: 28.2.svchost.exe.2493d930000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 30.2.svchost.exe.246ab600000.1.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 32.2.svchost.exe.2e4a1010000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 12.2.N2ANCtOGK6Q7WT1u6BEuU3DI.exe.400000.0.unpack | Avira: Label: TR/Dropper.Gen
Source: 41.0.svchost.exe.14f76fb0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2
Source: 38.2.dIo5PnRp.exe.400000.0.unpack | Malware Configuration Extractor: Clipboard Hijacker {"Crypto Addresses": ["cosmos1ksj5v03v0pvxgkksrs4gspew60spn7a3wktrqg", "0xC4CBB4Ff4d5Da21070269eFaACc220999E9C693d", "E9uf7P4j1utBVM7V9UKTNNnsCPRnhEcBp3fgfMjQf3Yf", "TRcwoqvx6Rdqz1ZZUzUYA8jpUcV8BnLdjp", "RRAyk2z75RRU9MQhfAj76U4ug4e6X1VybC", "Ae2tdPwUPEZL6tQrdMisrmYdzhHcYhGLK2aHsdhr5YUaJFm5q4g5dgADwcX", "AaJsfMyGPGQagFTCqrVa7WXfHswghPdCae", "D8r46LkmifULxy8MixMaZ2BvPprT2X47YN", "MG9bLfi1Cu1KDJjHYuyzvcSRQHiSt74xdv", "bnb140d5c04yg2km3zjvh7rsu3xnamprexnv8l8f6t", "ltc1q8aq5ptdf4635lh2a0r7mu0dyz5azrarxs32nar", "rswyvyDjXx3Q8ANQkyuHrsJ8HYJcCtGhNZ", "t1VEPm2JU1ccmPDy47jUfWxeizyzYnJNwLm", "LQjXahh7GoSywKEdR4Cugze7F22Z6xv8dY", "XnMNM5L7FBBCMGNq4kioMB9HB8skEwNuq6", "addr1q9ekvmtqrmal6ruucr8erj527s0scz320tccdd90hetzn4tnvekkq8hml58eesx0j89g4aqlps9z57h3s662l0jk982s3vefz9", "16ss5xxtyagUnpqEM34of6D7AdUEXdauYj", "37r3F5aDPSdiK2kmtDq3QkzkbKgm5ZaxyR", "{H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}", "ronin:C4CBB4Ff4d5Da21070269eFaACc220999E9C693d", "46J1GfhQn1YYALeYMaTuZ9Emch1vTfbYWVwbdQme5P1MadoVTw9ebXMWFdFSfzp55mEbLQ3LVQQRZXhfp57UtGAPUNFQLtq", "86HsbgK3zNjX5hjM9373seb3WciQbXgo6h9rAgtzqcYdUo6VU81VLMY2nfUuC78dP97VmPvXA3sYARevbUgy2sZzCF1KJzW", "O742L4IHPSRMXHNNPKRMQKPQZZ525QIQXZWU472FFQHYQ4YXUDTVO5ZSIU", "bc1q6yxye4j78arw5cjmp89a0su4vdenam9a6fg6ut"]}
Source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["94.228.116.72:7597"], "Bot Id": "Fire7"}
Source: 29.2.ccsearcher.exe.1ba0000.1.raw.unpack | Malware Configuration Extractor: Nymaim {"C2 addresses": ["208.67.104.97"]}

Compliance

Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe | Unpacked PE file: 29.2.ccsearcher.exe.400000.0.unpack
Source: BLAoQPacf8.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb | source: BLAoQPacf8.exe, 00000000.00000003.332882539.0000000005F0D000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328470174.0000000005C0C000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.331166123.0000000006261000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.326500206.0000000005C8B000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329076462.0000000005C0C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb | source: tCcv8lF4UYTMplGGrWDw5cWW.exe, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000002.837584980.0000000000A6E000.00000040.00000001.01000000.00000006.sdmp
Source: Binary string: generated .pdb file to be used when linking programs. | source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *) With Windows Visual Studio builds, the .pdb files are installed | source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: library installation, ossl_static.pdb is the associate compiler | source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: Yara match | File source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer

                  Networking

                  Source: Yara matchFile source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exeFile created: C60iIX7cNwIpPMz0kPna8aKl.exe.0.dr
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exeFile created: UsVkmoiAmWW0zEyoT71Xvpjb.exe.0.dr
                  Source: Yara matchFile source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack, type: UNPACKEDPE
                  Source: Malware configuration extractorIPs: 208.67.104.97
                  Source: BLAoQPacf8.exe, 00000000.00000003.328936449.0000000004538000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://107.182.129.251/download/Service.exe
                  Source: BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://107.182.129.251/download/Service.exeivers
                  Source: BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324989591.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324919013.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327733090.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.123/installer.exe
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324430975.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324989591.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327733090.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.123/installer.exe$
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324430975.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324989591.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327733090.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.123/installer.exe.
                  Source: BLAoQPacf8.exe, 00000000.00000003.327645255.0000000004536000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324339111.0000000004536000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379265989.000000000453B000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328936449.0000000004538000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.332861513.0000000004537000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324919013.000000000453A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.123/installer.exeC:
                  Source: BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.123/installer.exen
                  Source: 38em7CPwWyzLEPAoMPchCiaK.exe, 0000000F.00000003.469508247.0000000001126000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://89.185.85.53/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cachebleed.info.
                  Source: BLAoQPacf8.exe, 00000000.00000003.314501791.0000000001C64000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.600685654.0000028F5C2CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://eprint.iacr.org/2007/039
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://eprint.iacr.org/2011/232.pdf
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://eprint.iacr.org/2014/140
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
                  Source: svchost.exe, 0000001E.00000002.881992927.00000246AD570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/?fields=8198
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://rt.openssl.org/Ticket/Display.html?id=2836.
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00.
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.527478095.0000000009816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.538266777.000000000982B000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.549173186.000000000982D000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539603366.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540329317.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539230398.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.538800231.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.537656298.000000000982B000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540780727.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539967105.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.543671630.000000000982D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540329317.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540780727.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539967105.000000000982C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comll-
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.581316417.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.582196433.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.689892828.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.695819529.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.692252837.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.605320347.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.728215888.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.740546762.0000000009815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.608950704.0000000009820000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.608715292.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.606224023.000000000981F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603425124.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.602773883.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597952528.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.601024214.0000000009820000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599980418.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.598943821.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597884918.000000000981B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.689892828.0000000009812000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.689892828.0000000009812000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersZ/
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.580896123.0000000009815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersd
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.585878755.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerst
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comB.TTF
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalic
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsF
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.585878755.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comasF
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comcomk
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.604502337.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.605320347.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.604502337.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd-p
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd9(l
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.692252837.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.come.com
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comessed
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.689892828.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.695819529.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.692252837.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.728215888.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.740546762.0000000009815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comion
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.585878755.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comk
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.581316417.0000000009812000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comlvfet
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.581316417.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.580896123.0000000009815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comnc.nl
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.580896123.0000000009815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.635385493.000000000980C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.isg.rhul.ac.uk/tls/
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.isg.rhul.ac.uk/~kp/dtls.pdf
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.553411727.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562173672.0000000009813000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562427545.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/$(
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554358055.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/8
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.555368243.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.565057448.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562173672.0000000009813000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.566298090.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.563342887.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.568373239.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.563691350.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.569315710.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562427545.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.566943779.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562935805.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.569829868.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.565823309.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0d
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/e(
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554637664.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554358055.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.555368243.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.553411727.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/nt
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554637664.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554358055.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.565057448.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562173672.0000000009813000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.555368243.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.566298090.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.563342887.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.568373239.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.563691350.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.569315710.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562427545.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.566943779.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562935805.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.569829868.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.565823309.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/o-p
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562173672.0000000009813000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562427545.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/var9(l
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554637664.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.554358055.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.555368243.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.553411727.0000000009814000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/vno
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp)
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.lothar.com/tech/crypto/
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.620554195.000000000980C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.monotd.;le
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.nuron.com/)
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562935805.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562935805.0000000009811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comX
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.stack.nl/~dimitri/doxygen/index.html
                  Source: BLAoQPacf8.exe, 00000000.00000003.308046151.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.zlib.net/DLL_FAQ.txt
                  Source: BLAoQPacf8.exe, 00000000.00000003.342442347.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://1landota.click/331_331/setup331.exe
                  Source: BLAoQPacf8.exe, 00000000.00000003.330753065.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324932334.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328956957.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324388775.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327677105.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://1landota.click/331_331/setup331.exeC:
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.tiktok.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ampproject.org
                  Source: BLAoQPacf8.exe, 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323422008.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323691903.0000000004587000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.cf
                  Source: BLAoQPacf8.exe, 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.328850249.0000000001CF8000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.346998511.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/738909412961550448/999676559776546917/WW20_2022-07-19_10-19.b
                  Source: BLAoQPacf8.exe, 00000000.00000003.323380864.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.378960064.000000000457D000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327256612.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323520207.0000000004547000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328777863.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330886986.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335702572.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324449911.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343305065.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324905294.000000000457F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com:80/attachments/738909412961550448/999676559776546917/WW20_2022-07-19_10-1
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.syndication.twimg.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.facebook.net
                  Source: BLAoQPacf8.exe, 00000000.00000003.330904585.0000000005D05000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.326831505.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327291060.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.325327356.0000000005D04000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330042092.0000000005CFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/https://ipgeolocation.io/https://www.maxmind.com/en/locate-my-ip-addresstype
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.vk.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.361761761.0000000006035000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://gcc.gnu.org/bugs/):
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/openssl/openssl/commits/
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.330904585.0000000005D05000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.326831505.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327291060.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.325327356.0000000005D04000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330042092.0000000005CFA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Content-Type:
                  Source: BLAoQPacf8.exe, 00000000.00000003.308046151.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/https://db-ip.com/https://www.maxmind.com/en/locate-my-ip-addresshttps://ipgeoloca
                  Source: BLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.vk.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.vk.com/?act=login
                  Source: BLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.vk.com/?act=logout&hash=30fa9c25119e16d3ff&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://papi.vk.com/pushsse/ruim
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://platform.twitter.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r.mradx.net
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://securepubads.g.doubleclick.net
                  Source: BLAoQPacf8.exe, 00000000.00000003.330753065.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324932334.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323520207.0000000004547000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328956957.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324388775.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327677105.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://smartectechnologies.com/12/TrdngAnr6339.exe
                  Source: BLAoQPacf8.exe, 00000000.00000003.330753065.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324932334.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323520207.0000000004547000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328956957.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324388775.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327677105.0000000004543000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://smartectechnologies.com/12/TrdngAnr6339.exeC:
                  Source: BLAoQPacf8.exe, 00000000.00000003.344518342.0000000004581000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327256612.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343443789.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327588843.0000000004583000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323422008.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323691903.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343331769.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.346998511.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://smartectechnologies.com:80/12/TrdngAnr6339.exe
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/base.c38209f5b716d50b8c33.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/common.d0bace0245d69f
                  Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/common.d0bace0245d69f96566f.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/dark_theme.1e73209b3a1cf3aad8aa.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/fonts_cnt.5df9a2d31f91db9fc063.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/fonts_utf.9521539dd439e0c6a9c5.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/ui_common.f84b667095c1513ae4a5.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/css/al/uncommon.84f06003a992b59f7a86.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/69cbb29d1f77a86f9937b18d5913dcf6.9740ec066bc47af726fd.js?93d5384af0fc4d0e
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/audioplayer.82fab98a266a96c3507a.js?295cfd9831585b86747208f
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/bbd3772e7186114b708bce2cac0c3676.3c2cbcd43e9c477fc4f3.js?7800c15fde704ee3
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/common.73e2145ecfc10ef6ac9d.js?29535731a7510e8d2adb0d7
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/lottie.7d914fa3404556039ac3.js?ce04f009a75e25b9914f
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/palette.4bf277d762d64ef3a7d6.js?b68dce9304b8c6b2f831
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/vendors.58b0ef8496b2902facdb.js?df689e243b41e80f0e6a
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/common_web.bd14b46915622488a35a.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/common_web.c147345fc2dd7e810e73.js?
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/css_types.8f53544ca3d7e69ad08d.js?8fc29cc169b58ca6d004
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/docs.bd14b46915622488a35a.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/docs.e63c0a8140ff1e11d6ae.js?
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/grip.7ada28367f5da83dade5.js?e819c1c3cb0630f94765d1aa684b92eb
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/jobs_devtools_notification.063ca481b5b6da7c2e3b.js?8d6f1578d61ad984a0
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/likes.bd14b46915622488a35a.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/likes.dc023372a4b0549e2e40.js?
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/page_layout.8f43b4db3c20dfa85c65.js?c9179b916177c10fe0a79bf5eb8fd99a
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/raven_logger.623b77e762e28b5383ed.js?6abf3dfae84b9088c4f276393284dabd
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/sentry.d578a9f776ffe26f46e9.js?cfbdc5db59f97329368478691658ba1e
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/ui_common.a6abbae213870a1d6df3.js?
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/ui_common.bd14b46915622488a35a.css
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://st6-23.vk.com/dist/web/unauthorized.87ce256ec55e2e3e5ca3.js?b414b642420ac2730c4b22b7d77ad654
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://static.vk.me
                  Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stats.vk-portal.net
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-20.userapi.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-20.userapi.com/c235131/u743379129/docs/d53/cc7a24f807a8/baydsstysfhksf_c.bmp?extra=8dLm
                  Source: BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343331769.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.346998511.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-20.userapi.com/c236331/u743379129/docs/d26/059051d765db/setup1.bmp?extra=cKjpvqfNskqSW0
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/?
                  Source: BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/My
                  Source: BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/c235031/u743379129/docs/d51/c924d07213d9/911.bmp?extra=gMDY-BJDp5kskfYnw
                  Source: BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/c237331/u743379129/docs/d31/f82651545808/Galaxy_7.bmp?extra=G5XNfpEhdvCG
                  Source: BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-21.userapi.com/l
                  Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-22.userapi.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-22.userapi.com/c237
                  Source: BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-22.userapi.com/c237031/u743379129/docs/d27/ba002a47218f/output_3.bmp?extra=cPXl8IPRrFH8
                  Source: BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sun6-22.userapi.com/c237031/u7439
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tagmanager.google.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.org
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ton.twimg.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
                  Source: BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/away.php?to=https%3A%2F%2F1l-go.mail.ru%2Fr%2Fadid%2F3245029_2013344%2Fpid%2F102819%2
                  Source: BLAoQPacf8.exe, 00000000.00000003.332752186.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc743379129_647509278?hash=SN7Eb0mNZVaZaZD18WXSJ2cGCvK5hGrWW2za85DM8dT&dl=G42DGMZXHE
                  Source: BLAoQPacf8.exe, 00000000.00000003.362093326.0000000001CFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc743379129_647553944?hash=RUzkh03sehOQ5DxuLDqCnRHhqt55SrrZhQogSNZEzCz&dl=G42DGMZXHE
                  Source: BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc743379129_647582284?hash=OOm3VcekZ6Bc04d6BATEwGzWFdStOJf100Dm7Kj5VW0&dl=G42DGMZXHE
                  Source: BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc743379129_647582399?hash=mQRYKUze4fwd4Zl44ZryWOfPAUHezklHRZfZQh3tiEL&dl=G42DGMZXHE
                  Source: BLAoQPacf8.exe, 00000000.00000003.328850249.0000000001CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc743379129_647582426?hash=Ri1Uj29yeI52zoqUzqZoGm9MktdF1BQzeD27MH47fDw&dl=G42DGMZXHE
                  Source: BLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ
                  Source: BLAoQPacf8.exe, 00000000.00000003.382303472.0000000001CEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/doc746114588_646325992?hash=LuhcCrhZuyYpXNOi0mdZvZUD5l1onzWolI8PqAiIGY4&dl=G42DMMJRGQ
                  Source: BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com/ft
                  Source: BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com/m32
                  Source: BLAoQPacf8.exe, 00000000.00000003.321070662.0000000001CDA000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/~
                  Source: BLAoQPacf8.exe, 00000000.00000003.328850249.0000000001CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc743379129_647509278?hash=SN7Eb0mNZVaZaZD18WXSJ2cGCvK5hGrWW2za85DM8dT&dl=G42DGMZ
                  Source: BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc743379129_647553944?hash=RUzkh03sehOQ5DxuLDqCnRHhqt55SrrZhQogSNZEzCz&dl=G42DGMZ
                  Source: BLAoQPacf8.exe, 00000000.00000003.330873204.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc743379129_647582284?hash=OOm3VcekZ6Bc04d6BATEwGzWFdStOJf100Dm7Kj5VW0&dl=G42DGMZ
                  Source: BLAoQPacf8.exe, 00000000.00000003.330873204.0000000004575000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc743379129_647582399?hash=mQRYKUze4fwd4Zl44ZryWOfPAUHezklHRZfZQh3tiEL&dl=G42DGMZ
                  Source: BLAoQPacf8.exe, 00000000.00000003.382303472.0000000001CEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc743379129_647582426?hash=Ri1Uj29yeI52zoqUzqZoGm9MktdF1BQzeD27MH47fDw&dl=G42DGMZ
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJ
                  Source: BLAoQPacf8.exe, 00000000.00000003.323278158.0000000001CF8000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.325472098.0000000001CF8000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324477411.0000000001CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com:80/doc746114588_646325992?hash=LuhcCrhZuyYpXNOi0mdZvZUD5l1onzWolI8PqAiIGY4&dl=G42DMMJ
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.ru
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.openssl.org/index.php/Binaries.
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.openssl.org/index.php/TLS1.3
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.akkadia.org/drepper/SHA-crypt.txt
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.432058507.00000000036E3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com
                  Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf.
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.facebook.com (Facebook)
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.twitter.com (Twitter)
                  Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.youtube.com (Youtube)
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp4x equals www.facebook.com (Facebook)
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp4x equals www.twitter.com (Twitter)
                  Source: BLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp4x equals www.youtube.com (Youtube)

                  E-Banking Fraud

                  Source: Yara matchFile source: 29.2.ccsearcher.exe.1ba0000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 29.2.ccsearcher.exe.1ba0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 29.2.ccsearcher.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 29.2.ccsearcher.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001D.00000002.603100240.0000000001BA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001D.00000002.591652469.0000000000400000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY

                  System Summary

                  Source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.34.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 8.0.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.16.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 0.3.BLAoQPacf8.exe.5d04820.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPEMatched rule: Detects Fabookie / ElysiumStealer Author: ditekSHen
                  Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 0.3.BLAoQPacf8.exe.5d04820.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 0.3.BLAoQPacf8.exe.5d04820.18.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.22.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5bf3640.36.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5c3ea00.8.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 0.3.BLAoQPacf8.exe.5bd2c30.45.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5d04820.24.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 38.2.dIo5PnRp.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
                  Source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 8.2.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 0.3.BLAoQPacf8.exe.5bf3640.39.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 0.3.BLAoQPacf8.exe.5c3ea00.13.unpack, type: UNPACKEDPEMatched rule: Detects downloader / injector Author: ditekSHen
                  Source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
                  Source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a Author: unknown
                  Source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Chebka Author: ditekSHen
Source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Chebka, Author: ditekSHen
Source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Chebka, Author: ditekSHen
Source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Chebka, Author: ditekSHen
Source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Chebka, Author: ditekSHen
Source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0.3.BLAoQPacf8.exe.5c8a940.12.unpack, type: UNPACKEDPE, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: 0.3.BLAoQPacf8.exe.5c8a940.15.unpack, type: UNPACKEDPE, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000026.00000002.682128916.0000000000401000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Clipbanker_f9f9e79d, Author: unknown
Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Fabookie / ElysiumStealer, Author: ditekSHen
Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Chebka, Author: ditekSHen
Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Generic_a681f24a, Author: unknown
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
Source: Yara match, File source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: BLAoQPacf8.exe, Static PE information: section name:
Source: BLAoQPacf8.exe, Static PE information: section name:
Source: BLAoQPacf8.exe, Static PE information: section name:
Source: BLAoQPacf8.exe, Static PE information: section name:
Source: BLAoQPacf8.exe, Static PE information: section name:
Source: installer[1].exe.0.dr, Static PE information: section name:
Source: installer[1].exe.0.dr, Static PE information: section name:
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr, Static PE information: section name:
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr, Static PE information: section name:
Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr, Static PE information: section name: ._K)
Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr, Static PE information: section name: .$gT
Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr, Static PE information: section name: .qD*
Source: dIo5PnRp.exe.15.dr, Static PE information: section name: .va$
Source: ya8r1xvulFithxJ9UL7uu94j.exe.0.dr, Static PE information: .vmp0 and .vmp1 section names
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163D968
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163D478
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163D958
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163F840
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163F831
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163BBF1
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163E288
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163E298
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163D469
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163BC00
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_01634400
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163CCE7
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163E628
Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe, Code function: 7_2_0163E619
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_011329DB
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_01122800
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_01128855
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_01120859
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_0112E22C
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_011122A0
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_01124AE9
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_0110FF90
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_0110F790
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_011346B0
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Code function: 8_2_010E56B0
Source: BLAoQPacf8.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: setup331[1].exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: setup331[1].exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: installer[1].exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tATOZ_TcqCv6HE8KoljJlz43.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tATOZ_TcqCv6HE8KoljJlz43.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: N2ANCtOGK6Q7WT1u6BEuU3DI.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: N2ANCtOGK6Q7WT1u6BEuU3DI.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 4Luq2Awo847C90gLhrh33Vce.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-SL6OH.tmp.12.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-SL6OH.tmp.12.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-SL6OH.tmp.12.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ccsearcher.exe.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-CG0UR.tmp.22.dr, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-CG0UR.tmp.22.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-CG0UR.tmp.22.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exe, Section loaded: windowscoredeviceinfo.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: windowscoredeviceinfo.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe, Section loaded: dxgidebug.dll
Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe, Section loaded: msvcp120_clr0400.dll
Source: BLAoQPacf8.exe, Static PE information: Number of sections : 11 > 10
Source: sqlite3.dll.15.dr, Static PE information: Number of sections : 18 > 10
Source: BLAoQPacf8.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.3.BLAoQPacf8.exe.5d04820.34.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5d04820.34.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 8.0.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5d04820.16.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5d04820.22.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 40.0.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 40.2.svchost.exe.17739340000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0.3.BLAoQPacf8.exe.5d04820.24.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Fabookie author = ditekSHen, description = Detects Fabookie / ElysiumStealer
Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 27.2.rundll32.exe.3120000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 32.0.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0.3.BLAoQPacf8.exe.5d04820.18.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 33.0.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 41.2.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0.3.BLAoQPacf8.exe.5d04820.18.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5d04820.22.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5bf3640.36.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5c3ea00.8.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 33.2.svchost.exe.23ffe9b0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0.3.BLAoQPacf8.exe.5bd2c30.45.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 0.3.BLAoQPacf8.exe.5d04820.24.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 28.0.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.3.BLAoQPacf8.exe.4584520.26.unpack, type: UNPACKEDPE, Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 28.2.svchost.exe.2493d930000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 38.2.dIo5PnRp.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 30.2.svchost.exe.246ab600000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 32.2.svchost.exe.2e4a1010000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 8.2.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
                  Source: 0.3.BLAoQPacf8.exe.5bf3640.39.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
                  Source: 0.3.BLAoQPacf8.exe.1cf1cac.41.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
                  Source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 41.0.svchost.exe.14f76fb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0.3.BLAoQPacf8.exe.5c3ea00.13.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
                  Source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 32.0.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 40.0.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 30.2.svchost.exe.246ab600000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 41.0.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 32.2.svchost.exe.2e4a1010000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 40.2.svchost.exe.17739340000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 33.2.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 41.2.svchost.exe.14f76fb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 33.0.svchost.exe.23ffe9b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 28.2.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 28.0.svchost.exe.2493d930000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0.3.BLAoQPacf8.exe.5c8a940.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
                  Source: 0.3.BLAoQPacf8.exe.5c8a940.15.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
                  Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001E.00000003.557495596.00000246AB4A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001E.00000002.868218079.00000246AD51B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001E.00000002.867270218.00000246AD500000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 00000026.00000002.682128916.0000000000401000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
                  Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001E.00000003.577046507.00000246AB4A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001E.00000002.850918860.00000246AB4B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                  Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
                  Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
                  Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Fabookie author = ditekSHen, description = Detects Fabookie / ElysiumStealer
Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Generic_a681f24a reference_sample = a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Generic, fingerprint = 6323ed5b60e728297de19c878cd96b429bfd6d82157b4cf3475f3a3123921ae0, id = a681f24a-7054-4525-bcf8-3ee64a1d8413, last_modified = 2021-08-23
Source: 0000001E.00000002.930634142.00000246AE240000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 0000001E.00000002.930634142.00000246AE240000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, type: DROPPED | Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe, type: DROPPED | Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe, type: DROPPED | Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe, type: DROPPED | Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe, type: DROPPED | Matched rule: MALWARE_Win_DLInjector06 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File created: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: is-SL6OH.tmp.12.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-SL6OH.tmp.12.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-SL6OH.tmp.12.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-SL6OH.tmp.12.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: ccsearcher.exe.22.dr | Static PE information: Resource name: RT_RCDATA type: Delphi compiled form 'TfrmArchiveInformation'
Source: is-CG0UR.tmp.22.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-CG0UR.tmp.22.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-CG0UR.tmp.22.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-CG0UR.tmp.22.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: BLAoQPacf8.exe, 00000000.00000003.325190587.0000000005C8B000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQt5Concurrent.dll( vs BLAoQPacf8.exe
Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWDZHLHJ.EXE .ZZU: vs BLAoQPacf8.exe
Source: BLAoQPacf8.exe, 00000000.00000000.305163391.0000000001628000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameWDZHLHJ.EXE .ZZU: vs BLAoQPacf8.exe
Source: dJ9D2LWf.S5p.9.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ccsearcher.exe.22.dr | Static PE information: Section: .text IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.22.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: BLAoQPacf8.exe | Static PE information: Section: ZLIB complexity 0.9990102407094594
Source: BLAoQPacf8.exe | Static PE information: Section: ZLIB complexity 0.9986430227655987
Source: BLAoQPacf8.exe | Static PE information: Section: ZLIB complexity 0.999609375
Source: BLAoQPacf8.exe | Static PE information: Section: .reloc ZLIB complexity 1.5
Source: installer[1].exe.0.dr | Static PE information: Section: ZLIB complexity 0.9940592447916666
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9940592447916666
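The "ZLIB complexity" figures above are a compressibility ratio: sections that zlib cannot shrink are already compressed or encrypted, which is what a packer stub leaves behind (the sample's oversized .boot section fits that picture). The following is an added example, not part of the Joe Sandbox report, showing how to compute the same kind of metric yourself. It assumes the ratio is compressed-size over raw-size (the report does not document its exact compression level), and it uses constructed byte strings in place of real section bodies; the optional pefile helper is for running it against a real PE.

```python
import random
import zlib


def zlib_complexity(data: bytes, level: int = 9) -> float:
    """Compressed-size / raw-size ratio for one section body.

    Values near 1.0 mean the bytes are already compressed or encrypted (packed
    payload).  Values above 1.0 are possible only for tiny inputs, where zlib's
    fixed header, block framing and Adler-32 trailer outweigh the data; a 1.5 on
    a near-empty .reloc is that overhead, not extra entropy.
    Assumption: this mirrors the report's metric; the exact level is not stated.
    """
    if not data:
        return 0.0
    return len(zlib.compress(data, level)) / len(data)


def packed_sections(sections, threshold: float = 0.98, min_size: int = 256):
    """Names of sections big enough to judge whose bodies are near-incompressible.

    Sections smaller than min_size are skipped so framing overhead cannot
    masquerade as a packed payload.
    """
    return [name for name, body in sections.items()
            if len(body) >= min_size and zlib_complexity(body) >= threshold]


def sections_from_pe(path):
    """Read {section name: raw body} from a real PE using the third-party
    pefile module (pip install pefile); only needed outside this demo."""
    import pefile
    pe = pefile.PE(path)
    return {s.Name.rstrip(b"\x00").decode("latin-1"): s.get_data() for s in pe.sections}


# Constructed stand-ins for section bodies (not taken from the sample):
# pseudo-random bytes model a packed .boot-style payload, zeros model an
# uninitialised .data, and eight bytes model a near-empty .reloc.
_rng = random.Random(2022)
SAMPLE_SECTIONS = {
    ".boot": bytes(_rng.getrandbits(8) for _ in range(8192)),
    ".data": bytes(8192),
    ".reloc": b"\x00\x10\x00\x00\x0c\x00\x00\x00",
}

if __name__ == "__main__":
    for name, body in SAMPLE_SECTIONS.items():
        print(f"{name:8} size={len(body):5d} zlib complexity={zlib_complexity(body):.4f}")
    print("likely packed:", packed_sections(SAMPLE_SECTIONS))
```

Run against a real file with `packed_sections(sections_from_pe("sample.exe"))`; a ratio above roughly 0.98 on a large section, combined with a tiny import table, is the usual static signature of a packed executable.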
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File created: C:\Users\user\Pictures\Minor Policy
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@63/74@0/30
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File read: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | File created: C:\Program Files (x86)\PowerControl
Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: BLAoQPacf8.exe | ReversingLabs: Detection: 67%
Source: BLAoQPacf8.exe | Virustotal: Detection: 60%
Source: BLAoQPacf8.exe | Metadefender: Detection: 50%
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\BLAoQPacf8.exe "C:\Users\user\Desktop\BLAoQPacf8.exe"
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s wisvc
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe "C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe "C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe "C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe "C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe "C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe "C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe "C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe"
Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S
Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe | Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" -h
Source: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe | Process created: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp "C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp" /SL4 $20358 "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe" 2324125 52736
Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
Source: unknown | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Process created: C:\Program Files (x86)\ccSearcher\ccsearcher.exe "C:\Program Files (x86)\ccSearcher\ccsearcher.exe"
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k WspService
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "ccsearcher.exe" /f
Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Process created: C:\Users\user\AppData\Roaming\dIo5PnRp.exe "C:\Users\user\AppData\Roaming\dIo5PnRp.exe"
Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Process created: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe "C:\Users\user\AppData\Roaming\6Z9UYZuB.exe"
Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /Query /XML /TN "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
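The schtasks pair above registers a task named after a real Windows component (Shell Infrastructure Host, whose genuine binary is C:\Windows\System32\sihost.exe) that instead runs a copy under the user's roaming profile every five minutes, then reads the task back with /Query /XML. The following is an added example, not part of the Joe Sandbox report, that audits a task definition in the XML shape `schtasks /Query /XML` prints for exactly those tells: an action under a user-writable path, a Windows binary name outside the system directories, a look-alike "\Windows\System32" directory outside C:\Windows, and a sub-10-minute repetition. The two task documents are constructed for this example from the command line shown above (only the action path, task name and interval come from the report; the benign task is invented as a control), and the lists of system directories and borrowed binary names are the author's assumptions.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")   # assumption: default install drive
# Assumption: Windows binary names that malware borrows for look-alike files.
WINDOWS_BINARIES = {"sihost.exe", "svchost.exe", "rundll32.exe", "dllhost.exe", "explorer.exe"}

# Constructed task XML in the shape `schtasks /Query /XML` prints, built from the
# /create line in the report (task URI, PT5M repetition, action path).
SUSPECT_TASK_XML = r"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <URI>\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}</URI>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT5M</Interval></Repetition>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe</Command></Exec>
  </Actions>
</Task>"""

# Constructed benign control: a system binary in its real directory, no repetition.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>C:\Windows\System32\sc.exe</Command><Arguments>start wuauserv</Arguments></Exec>
  </Actions>
</Task>"""


def iso_duration_minutes(value):
    """Minutes in an ISO 8601 duration such as PT5M or P1DT2H; None if unparsable."""
    m = re.fullmatch(r"P(?:(\d+)D)?T?(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", value.strip())
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 1440 + h * 60 + mi + s / 60


def audit_task_xml(xml_text):
    """Return a list of finding tags for one scheduled-task definition."""
    # schtasks writes a UTF-16 declaration; we already hold decoded text, so drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    for ex in root.findall(".//t:Actions/t:Exec", TASK_NS):
        cmd = ex.findtext("t:Command", default="", namespaces=TASK_NS).strip().strip('"')
        low = cmd.lower()
        if re.search(r"\\(?:users|appdata|programdata|temp)\\", low):
            findings.append("action-in-user-writable-path")
        if ntpath.basename(low) in WINDOWS_BINARIES and ntpath.dirname(low) not in SYSTEM_DIRS:
            findings.append("windows-binary-name-outside-system-dir")
        if "\\windows\\system32\\" in low and not low.startswith("c:\\windows\\"):
            findings.append("fake-system-directory")
    for iv in root.findall(".//t:Repetition/t:Interval", TASK_NS):
        minutes = iso_duration_minutes(iv.text or "")
        if minutes is not None and minutes <= 10:
            findings.append("high-frequency-repetition")
    return findings


if __name__ == "__main__":
    print("suspect:", audit_task_xml(SUSPECT_TASK_XML))
    print("benign: ", audit_task_xml(BENIGN_TASK_XML))
```

On a live host, feed it the output of `schtasks /Query /XML /TN "<name>"` (decoded from UTF-16) for every task, or walk C:\Windows\System32\Tasks, whose files are the same XML; the task name alone is not a signal, since the malware deliberately chose a plausible one.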
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe "C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe "C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe "C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe "C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe "C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe "C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe"
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process created: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe "C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe"
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | Process created: unknown unknown
Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | Process created: unknown unknown
Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S
Source: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe | Process created: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp "C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp" /SL4 $20358 "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe" 2324125 52736
Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe | Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" -h
Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Process created: C:\Users\user\AppData\Roaming\dIo5PnRp.exe "C:\Users\user\AppData\Roaming\dIo5PnRp.exe"
Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Process created: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe "C:\Users\user\AppData\Roaming\6Z9UYZuB.exe"
Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Process created: C:\Program Files (x86)\ccSearcher\ccsearcher.exe "C:\Program Files (x86)\ccSearcher\ccsearcher.exe"
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k WspService
Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "ccsearcher.exe" /f
Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"
Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /Query /XML /TN "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}"
Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32
Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ccsearcher.exe")
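The process tree above contains four parent/child patterns worth a detection rule on their own: a payload launched through WMI (the Win32_Process::Create call explains why rundll32.exe appears as a child of WmiPrvSE.exe rather than of the dropper), regsvr32 silently unregistering a file whose extension is not .dll, a cmd.exe one-liner in which a process kills and erases its own image, and schtasks pointing a new task into the user's profile. The following is an added example, not part of the Joe Sandbox report, that runs those four heuristics over process-creation records; the records are constructed for this example from the command lines shown above, with a notepad.exe row invented as a benign control, and the list of living-off-the-land binaries is the author's assumption.

```python
import ntpath
import re

# Constructed from the process tree in this report: (parent image, child image,
# child command line).  The last row is an invented benign control.
SAMPLE_RECORDS = [
    (r"C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe",
     r"C:\Windows\SysWOW64\regsvr32.exe",
     r'"C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S'),
    (r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     r"C:\Windows\System32\rundll32.exe",
     r'rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open'),
    (r"C:\Program Files (x86)\ccSearcher\ccsearcher.exe",
     r"C:\Windows\SysWOW64\cmd.exe",
     r'"C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit'),
    (r"C:\Users\user\AppData\Roaming\dIo5PnRp.exe",
     r"C:\Windows\SysWOW64\schtasks.exe",
     r'/C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"'),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

# Assumption: binaries that should rarely, if ever, be spawned by the WMI provider host.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "powershell.exe",
           "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"\\(?:users|appdata|temp|programdata)\\", re.I)


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def triage(records):
    """Return (rule, child image name) pairs for every record that trips a heuristic."""
    hits = []
    for parent, image, cmdline in records:
        pbase = ntpath.basename(parent).lower()
        ibase = ntpath.basename(image).lower()
        low = cmdline.lower()
        toks = split_cmdline(cmdline)

        # 1. WMI-launched LOLBin: parent is WmiPrvSE.exe (Win32_Process::Create).
        if pbase == "wmiprvse.exe" and ibase in LOLBINS:
            hits.append(("wmi-spawned-lolbin", ibase))

        # 2. regsvr32 /U /S on a file that is not a .dll/.ocx (DllUnregisterServer still runs).
        if ibase == "regsvr32.exe":
            flags = {t.lower() for t in toks if t.startswith("/")}
            targets = [t for t in toks[1:] if not t.startswith("/")]
            if {"/u", "/s"} <= flags and any(not t.lower().endswith((".dll", ".ocx")) for t in targets):
                hits.append(("regsvr32-nondll", ibase))

        # 3. rundll32 loading a DLL from a user-writable directory.
        if ibase == "rundll32.exe" and USER_WRITABLE.search(cmdline):
            hits.append(("rundll32-temp-dll", ibase))

        # 4. Self-deletion: cmd.exe child that taskkills and erases its parent's image.
        if ibase == "cmd.exe" and "taskkill" in low and re.search(r"\b(?:erase|del)\b", low) and pbase in low:
            hits.append(("self-delete", ibase))

        # 5. schtasks /create whose /tr action lives in a user-writable path.
        if ibase == "schtasks.exe" and "/create" in low:
            m = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', cmdline, re.I)
            if m and USER_WRITABLE.search(m.group(1) or m.group(2)):
                hits.append(("schtasks-userland-persistence", ibase))
    return hits


if __name__ == "__main__":
    for rule, image in triage(SAMPLE_RECORDS):
        print(f"{rule:32} {image}")
```

The same fields are available from Sysmon event ID 1 (ParentImage, Image, CommandLine) or Windows Security event 4688 with command-line auditing on, so the function can be pointed at exported event logs unchanged; the self-delete rule is the one that most needs the parent image, because the cmd.exe command line on its own looks like routine uninstall clean-up.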
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6995640Jump to behavior
                  Source: BLAoQPacf8.exe, 00000000.00000003.308046151.00000000036A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: BLAoQPacf8.exe, 00000000.00000003.308046151.00000000036A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: BLAoQPacf8.exe, 00000000.00000003.314979937.0000000001CA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5284:120:WilError_01
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exeMutant created: \Sessions\1\BaseNamedObjects\HJSIDHG#WOEJGSDGOHWEGHSDJG
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6512:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:484:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6640:120:WilError_01
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exeMutant created: \Sessions\1\BaseNamedObjects\3289848576344397
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exeFile written: C:\Windows\SysWOW64\GroupPolicy\gpt.iniJump to behavior
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Windows\System32\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp Window found: window name: TMainForm
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: BLAoQPacf8.exe Static file information: File size 2828304 > 1048576
                  Source: BLAoQPacf8.exe Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x172400
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: BLAoQPacf8.exe, 00000000.00000003.332882539.0000000005F0D000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328470174.0000000005C0C000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.331166123.0000000006261000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.326500206.0000000005C8B000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329076462.0000000005C0C000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: tCcv8lF4UYTMplGGrWDw5cWW.exe, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000002.837584980.0000000000A6E000.00000040.00000001.01000000.00000006.sdmp
                  Source: Binary string: generated .pdb file to be used when linking programs. source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: *) With Windows Visual Studio builds, the .pdb files are installed source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: library installation, ossl_static.pdb is the associate compiler source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe Unpacked PE file: 29.2.ccsearcher.exe.400000.0.unpack
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Unpacked PE file: 7.2.tCcv8lF4UYTMplGGrWDw5cWW.exe.9d0000.0.unpack :ER;.rsrc:R; :R;.idata:W;.themida:EW;.boot:ER; vs :ER;.rsrc:R; :R;
                  Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe Unpacked PE file: 29.2.ccsearcher.exe.400000.0.unpack .text:ER;.od3b8e:R;.pd3b8f:W;.qd3b90:W;.rsrc:R;.react2:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Code function: 7_2_0163ADA6 push B9FFFFFFh; iretw 7_2_0163ADAB
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_01133163 push ecx; ret 8_2_01133176
                  Source: BLAoQPacf8.exe Static PE information: section name:
                  Source: BLAoQPacf8.exe Static PE information: section name: .themida
                  Source: BLAoQPacf8.exe Static PE information: section name: .boot
                  Source: setup331[1].exe.0.dr Static PE information: section name: .didat
                  Source: installer[1].exe.0.dr Static PE information: section name:
                  Source: installer[1].exe.0.dr Static PE information: section name: .themida
                  Source: installer[1].exe.0.dr Static PE information: section name: .boot
                  Source: tATOZ_TcqCv6HE8KoljJlz43.exe.0.dr Static PE information: section name: .didat
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr Static PE information: section name:
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr Static PE information: section name: .themida
                  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe.0.dr Static PE information: section name: .boot
                  Source: yare1095[1].exe.0.dr Static PE information: section name: _RDATA
                  Source: yare1095[1].exe.0.dr Static PE information: section name: .vmp0
                  Source: yare1095[1].exe.0.dr Static PE information: section name: .vmp1
                  Source: ya8r1xvulFithxJ9UL7uu94j.exe.0.dr Static PE information: section name: _RDATA
                  Source: ya8r1xvulFithxJ9UL7uu94j.exe.0.dr Static PE information: section name: .vmp0
                  Source: ya8r1xvulFithxJ9UL7uu94j.exe.0.dr Static PE information: section name: .vmp1
                  Source: 4Luq2Awo847C90gLhrh33Vce.exe.0.dr Static PE information: section name: __
                  Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr Static PE information: section name: ._K)
                  Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr Static PE information: section name: .$gT
                  Source: 38em7CPwWyzLEPAoMPchCiaK.exe.0.dr Static PE information: section name: .qD*
                  Source: dIo5PnRp.exe.15.dr Static PE information: section name: .peN
                  Source: dIo5PnRp.exe.15.dr Static PE information: section name: .Nb8
                  Source: dIo5PnRp.exe.15.dr Static PE information: section name: .va$
                  Source: 6Z9UYZuB.exe.15.dr Static PE information: section name: UPX2
                  Source: nss3.dll.15.dr Static PE information: section name: .00cfg
                  Source: msvcp140.dll.15.dr Static PE information: section name: .didat
                  Source: mozglue.dll.15.dr Static PE information: section name: .00cfg
                  Source: freebl3.dll.15.dr Static PE information: section name: .00cfg
                  Source: softokn3.dll.15.dr Static PE information: section name: .00cfg
                  Source: sqlite3.dll.15.dr Static PE information: section name: /4
                  Source: sqlite3.dll.15.dr Static PE information: section name: /19
                  Source: sqlite3.dll.15.dr Static PE information: section name: /31
                  Source: sqlite3.dll.15.dr Static PE information: section name: /45
                  Source: sqlite3.dll.15.dr Static PE information: section name: /57
                  Source: sqlite3.dll.15.dr Static PE information: section name: /70
                  Source: sqlite3.dll.15.dr Static PE information: section name: /81
                  Source: sqlite3.dll.15.dr Static PE information: section name: /92
                  Source: ccsearcher.exe.22.dr Static PE information: section name: .od3b8e
                  Source: ccsearcher.exe.22.dr Static PE information: section name: .pd3b8f
                  Source: ccsearcher.exe.22.dr Static PE information: section name: .qd3b90
                  Source: ccsearcher.exe.22.dr Static PE information: section name: .react2
                  Source: initial sample Static PE information: section where entry point is pointing to: .boot
                  Source: _RegDLL.tmp.22.dr Static PE information: real checksum: 0x0 should be: 0x9783
                  Source: is-SL6OH.tmp.12.dr Static PE information: real checksum: 0x0 should be: 0xaba64
                  Source: c7rWZ6AD59zgrdOhi2rzdfQY.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x6730e
                  Source: is-CG0UR.tmp.22.dr Static PE information: real checksum: 0x0 should be: 0xab8cc
                  Source: _iscrypt.dll.22.dr Static PE information: real checksum: 0x0 should be: 0x89d2
                  Source: setup331[1].exe.0.dr Static PE information: real checksum: 0x0 should be: 0x16e61e
                  Source: N2ANCtOGK6Q7WT1u6BEuU3DI.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x27a405
                  Source: J4v3YeVcg94eAVikz6hmRcrE.exe.0.dr Static PE information: real checksum: 0x0 should be: 0xa4406
                  Source: Service[1].exe.8.dr Static PE information: real checksum: 0x0 should be: 0x6730e
                  Source: _setup64.tmp.22.dr Static PE information: real checksum: 0x0 should be: 0x8cae
                  Source: TrdngAnr6339[1].exe.0.dr Static PE information: real checksum: 0x0 should be: 0xa4406
                  Source: dJ9D2LWf.S5p.9.dr Static PE information: real checksum: 0x0 should be: 0x19605f
                  Source: Service[1].exe.0.dr Static PE information: real checksum: 0x0 should be: 0x6730e
                  Source: PowerControl_Svc.exe.8.dr Static PE information: real checksum: 0x0 should be: 0x6730e
                  Source: 4yIhH87Es5hVNHcV28YUa6Ea.exe.8.dr Static PE information: real checksum: 0x0 should be: 0x6730e
                  Source: tATOZ_TcqCv6HE8KoljJlz43.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x16e61e
                  Source: ya8r1xvulFithxJ9UL7uu94j.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x3c91f5
                  Source: Mvid01XiHg4mGe4qVGe0NVxb.exe.0.dr Static PE information: real checksum: 0x1a90a should be: 0x18b03
                  Source: ccsearcher.exe.22.dr Static PE information: real checksum: 0x0 should be: 0x45656f
                  Source: yare1095[1].exe.0.dr Static PE information: real checksum: 0x0 should be: 0x3c91f5
                  Source: 6Z9UYZuB.exe.15.dr Static PE information: real checksum: 0x0 should be: 0x416511
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6995640
                  Source: initial sample Static PE information: section name: .boot entropy: 7.936930737785185
                  Source: initial sample Static PE information: section name: entropy: 7.923478771710719
                  Source: initial sample Static PE information: section name: __ entropy: 7.628274118411703
                  Source: initial sample Static PE information: section name: .text entropy: 7.4117259139148315
                  Source: initial sample Static PE information: section name: UPX0
                  Source: initial sample Static PE information: section name: UPX1

                  Persistence and Installation Behavior

                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe File created: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe File created: C:\Users\user\AppData\Local\Temp\dJ9D2LWf.S5p
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\softokn3.dll
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\freebl3.dll
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\Roaming\dIo5PnRp.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Program Files (x86)\ccSearcher\is-CG0UR.tmp
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\sqlite3.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\mozglue.dll
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\setup331[1].exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\installer[1].exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\yare1095[1].exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\TrdngAnr6339[1].exe
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\vcruntime140.dll
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
                  Source: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe File created: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Program Files (x86)\ccSearcher\ccsearcher.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\nss3.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_RegDLL.tmp
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe File created: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\J4v3YeVcg94eAVikz6hmRcrE.exe
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_iscrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe File created: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp File created: C:\Program Files (x86)\ccSearcher\unins000.exe (copy)
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe File created: C:\Users\user\AppData\Local\Temp\db.dll
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe File created: C:\Users\user\AppData\LocalLow\msvcp140.dll

                  Boot Survival

                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: AA0005 value: E9 FB BF 62 76
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 770CC000 value: E9 0A 40 9D 89
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: AB0008 value: E9 AB E0 65 76
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 7710E0B0 value: E9 60 1F 9A 89
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: AD0005 value: E9 CB 5A 7F 75
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 762C5AD0 value: E9 3A A5 80 8A
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: AE0005 value: E9 5B B0 80 75
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 762EB060 value: E9 AA 4F 7F 8A
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: AF0005 value: E9 DB F8 2B 74
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 74DAF8E0 value: E9 2A 07 D4 8B
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: C10005 value: E9 FB 42 1C 74
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Memory written: PID: 6488 base: 74DD4300 value: E9 0A BD E3 8B
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Memory written: PID: 6348 base: 10A0005 value: E9 FB 99 05 76
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Memory written: PID: 6348 base: 770F9A00 value: E9 0A 66 FA 89
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Memory written: PID: 6348 base: 2B50007 value: E9 7B 4C 5E 74
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Memory written: PID: 6348 base: 77134C80 value: E9 8E B3 A1 8B
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Memory written: PID: 6888 base: DE0005 value: E9 FB 99 31 76
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Memory written: PID: 6888 base: 770F9A00 value: E9 0A 66 CE 89
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Memory written: PID: 6888 base: DF0007 value: E9 7B 4C 34 76
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Memory written: PID: 6888 base: 77134C80 value: E9 8E B3 CB 89
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe File opened: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe\:Zone.Identifier read attributes | delete
                  Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5HQ15BTC-BI2Q-S1J7-YRC6-SZJY3C3CP8J7}\650478DC7424C37C 1
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | System information queried: FirmwareTableInformation
                  Source: C:\Windows\System32\svchost.exe | System information queried: FirmwareTableInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | System information queried: FirmwareTableInformation
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | System information queried: FirmwareTableInformation
                  Source: C:\Windows\System32\svchost.exe | System information queried: FirmwareTableInformation
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | System information queried: FirmwareTableInformation
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Special instruction interceptor: First address: 0000000000D19BC6 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Special instruction interceptor: First address: 0000000000CDAC0B instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Special instruction interceptor: First address: 0000000000D190D5 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | Special instruction interceptor: First address: 0000000000CADE02 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | RDTSC instruction interceptor: First address: 000000014062B08D second address: 000000014062B0B5 instructions: 0x00000000 rdtsc 0x00000002 cbw 0x00000004 inc ecx 0x00000005 push eax 0x00000006 cmc 0x00000007 bswap edx 0x00000009 push esi 0x0000000a cmc 0x0000000b push ebx 0x0000000c ror bx, 001Ah 0x00000010 inc cx 0x00000012 cmovno ebx, esp 0x00000015 inc eax 0x00000016 setbe dh 0x00000019 dec ecx 0x0000001a mov eax, 00000000h 0x0000001f add byte ptr [eax], al 0x00000021 add byte ptr [eax], al 0x00000023 inc cx 0x00000025 movsx eax, bh 0x00000028 rdtsc
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | RDTSC instruction interceptor: First address: 00000000005ECCF9 second address: 00000000005689DA instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov esi, ebp 0x00000005 movsx edx, dx 0x00000008 push ebx 0x00000009 dec al 0x0000000b jmp 00007FA288A58675h 0x00000010 mov ecx, 00000000h 0x00000015 mov bp, di 0x00000018 mov dl, 82h 0x0000001a push ecx 0x0000001b mov esi, dword ptr [esp+28h] 0x0000001f mov edi, ebx 0x00000021 mov edi, 5C276D25h 0x00000026 bswap esi 0x00000028 cmovb ebp, edx 0x0000002b inc esi 0x0000002c bts ax, bx 0x00000030 rol esi, 02h 0x00000033 test esi, 154925B3h 0x00000039 movzx eax, si 0x0000003c xor dx, si 0x0000003f not esi 0x00000041 rdtsc
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | RDTSC instruction interceptor: First address: 00000001402B7CBC second address: 00000001402B7CE4 instructions: 0x00000000 rdtsc 0x00000002 cbw 0x00000004 inc ecx 0x00000005 push eax 0x00000006 cmc 0x00000007 bswap edx 0x00000009 push esi 0x0000000a cmc 0x0000000b push ebx 0x0000000c ror bx, 001Ah 0x00000010 inc cx 0x00000012 cmovno ebx, esp 0x00000015 inc eax 0x00000016 setbe dh 0x00000019 dec ecx 0x0000001a mov eax, 00000000h 0x0000001f add byte ptr [eax], al 0x00000021 add byte ptr [eax], al 0x00000023 inc cx 0x00000025 movsx eax, bh 0x00000028 rdtsc
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | RDTSC instruction interceptor: First address: 00000001401AAB83 second address: 00000001402B7CBC instructions: 0x00000000 rdtsc 0x00000002 pop ebp 0x00000003 pop ecx 0x00000004 inc ecx 0x00000005 xchg bh, al 0x00000007 inc ecx 0x00000008 pop edx 0x00000009 inc ecx 0x0000000a pop edi 0x0000000b pop ebx 0x0000000c cbw 0x0000000e dec ecx 0x0000000f movzx edx, bp 0x00000012 pop edi 0x00000013 pop edx 0x00000014 dec eax 0x00000015 mov eax, 096A6492h 0x0000001b cbw 0x0000001d pop eax 0x0000001e jmp 00007FA288B5EEECh 0x00000023 ret 0x00000024 movdqu dqword ptr [esp+00000160h], xmm0 0x0000002d push F8F9FC9Dh 0x00000032 call 00007FA288A33D15h 0x00000037 push ecx 0x00000038 jmp 00007FA288A8D22Fh 0x0000003d inc ecx 0x0000003e push edx 0x0000003f jmp 00007FA288B52CA9h 0x00000044 push edx 0x00000045 inc ecx 0x00000046 push ebp 0x00000047 dec eax 0x00000048 movzx edx, ax 0x0000004b mov dl, 00h 0x0000004d push ebp 0x0000004e push edi 0x0000004f cdq 0x00000050 mov dl, 10h 0x00000052 inc ecx 0x00000053 push ecx 0x00000054 dec eax 0x00000055 xchg edx, edx 0x00000057 pushfd 0x00000058 dec ebp 0x00000059 movsx ecx, bp 0x0000005c dec ecx 0x0000005d xchg ecx, edx 0x0000005f dec ecx 0x00000060 rcr ecx, cl 0x00000062 inc ecx 0x00000063 push edi 0x00000064 bt edx, 23h 0x00000068 jmp 00007FA288B3A94Dh 0x0000006d inc ecx 0x0000006e push ebx 0x0000006f inc ecx 0x00000070 push esp 0x00000071 dec ecx 0x00000072 movsx edx, sp 0x00000075 push eax 0x00000076 inc ecx 0x00000077 push esi 0x00000078 dec esp 0x00000079 movsx ebx, bx 0x0000007c rdtsc
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe | RDTSC instruction interceptor: First address: 000000000087E17C second address: 00000000007C4EBF instructions: 0x00000000 rdtsc 0x00000002 test dx, si 0x00000005 lea ebp, dword ptr [ebp-00000008h] 0x0000000b jmp 00007FA288F0799Bh 0x00000010 mov dword ptr [ebp+00h], edx 0x00000014 shrd edx, ebp, 00000094h 0x00000018 mov dword ptr [ebp+04h], eax 0x0000001b sub esi, 00000004h 0x00000021 btc edx, 24h 0x00000025 mov edx, dword ptr [esi] 0x00000027 xor edx, ebx 0x00000029 jmp 00007FA288497882h 0x0000002e ror edx, 1 0x00000030 test dh, FFFFFFD7h 0x00000033 sub edx, 02D118CFh 0x00000039 clc 0x0000003a stc 0x0000003b rol edx, 1 0x0000003d jmp 00007FA288B3FF54h 0x00000042 xor edx, 05767F08h 0x00000048 stc 0x00000049 clc 0x0000004a xor ebx, edx 0x0000004c add edi, edx 0x0000004e jmp 00007FA288E97C61h 0x00000053 jmp 00007FA2886355B7h 0x00000058 lea eax, dword ptr [esp+60h] 0x0000005c stc 0x0000005d cmp bp, bx 0x00000060 cmp ebp, eax 0x00000062 jmp 00007FA288A18EFDh 0x00000067 ja 00007FA2888F45E3h 0x0000006d jmp edi 0x0000006f mov ecx, dword ptr [ebp+00h] 0x00000073 mov ax, 51F9h 0x00000077 xor dx, 0379h 0x0000007c rdtsc
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe TID: 6768 | Thread sleep count: 58 > 30
                  Source: C:\Windows\System32\svchost.exe TID: 5868 | Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe TID: 4392 | Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe TID: 6604 | Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe TID: 6396 | Thread sleep time: -2400000s >= -30000s
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe TID: 4956 | Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe TID: 1916 | Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 5064 | Thread sleep count: 156 > 30
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Last function: Thread delayed
                  Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                  Source: C:\Windows\System32\svchost.exe | Last function: Thread delayed
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | Thread delayed: delay time: 480000
                  Source: C:\Windows\System32\conhost.exe | Window / User API: threadDelayed 4195
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dll
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dJ9D2LWf.S5p
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_RegDLL.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Dropped PE file which has not been started: C:\Program Files (x86)\ccSearcher\is-CG0UR.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ALH74.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | Dropped PE file which has not been started: C:\Program Files (x86)\ccSearcher\unins000.exe (copy)
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\TrdngAnr6339[1].exe
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | Registry key enumerated: More than 173 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Memory allocated: CB0000 memory reserve | memory write watch
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Memory allocated: 2FB0000 memory reserve | memory write watch
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Memory allocated: 27F0000 memory reserve | memory write watch
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\svchost.exe | File opened: PhysicalDrive0
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe | Thread delayed: delay time: 480000
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                  Source: svchost.exe, 00000002.00000002.575535120.000001AC9223A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SpeeOEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&En
                  Source: svchost.exe, 00000006.00000002.596487933.0000028F5C220000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware%2C%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7%2C1&SystemVolumeTotalCapacity=228881&DeviceId=s%3AA2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.
                  Source: svchost.exe, 00000002.00000002.575178797.000001AC92229000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000&000000
                  Source: svchost.exe, 00000006.00000002.603851301.0000028F5CB00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ihttps://settings-win.data.microsoft.com/settings/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000002.597801458.0000028F5C23D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.604821766.0000028F5CB27000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                  Source: svchost.exe, 00000002.00000003.313701687.000001AC92242000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: https://settings-win.data.microsoft.com/settings/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktopme=
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: s/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000002.603326362.0000028F5C30E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: s/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware, Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.DesktopDesktop
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.NoneVMware-42 35 bb 32 33 75 d2 27-52 00 3c e2 4b d4 32 71VMware7,1
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&En
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: https://settings-win.data.microsoft.com/settings/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware,%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000002.597801458.0000028F5C23D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: settings-win.data.microsoft.com/settings/v2.0/FlightSettings/FSService?ISVM=0&ProcessorClockSpeed=2195&IsRetailOS=1&OEMManufacturerName=VMware%2C%20Inc.&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.17134.1.amd64fre.rs4_release.180410-1804&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7%2C1&SystemVolumeTotalCapacity=228881&DeviceId=s%3AA2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
                  Source: svchost.exe, 00000006.00000003.396348002.0000028F5C3CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware7,1
                  Source: svchost.exe, 00000002.00000002.573102669.000001AC92202000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware SVGA IIES1371
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware Virtual RAM
                  Source: svchost.exe, 00000006.00000003.462684176.0000028F5CB3D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: anvelSource=0&AttrDataVer=186&ProcessorCores=2&BranchReadinessLevelRaw=16&TotalPhysicalRAM=8191&TPMVersion=0&OEMModelNumber=VMware7,1&SystemVolumeTotalCapacity=228881&DeviceId=s:A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8&App=FSS&AppVer=10.0&IntelPlatformId=1&ActiveHoursStart=8&SecureBootCapable=1&ActiveHoursEnd=17&DeviceFamily=Windows.Desktop
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.VMW71.00V.18227214.B64.210625222006/25/2021
                  Source: svchost.exe, 00000006.00000003.392790717.0000028F5CB11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware-42 35 bb 32 33 75 d2 27-52 00 3c e2 4b d4 32 71
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | System information queried: ModuleInformation

                  Anti Debugging

                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: regmonclass
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: gbdyllo
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: procmon_window_class
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: ollydbg
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: filemonclass
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_01125B65 mov ecx, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_0112A648 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process queried: DebugPort
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Process queried: DebugPort
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Process queried: DebugPort
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process queried: DebugPort
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process queried: DebugObjectHandle
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process queried: DebugPort
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_0111CC19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_011161C0 GetProcessHeap,HeapFree
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Process token adjusted: Debug
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe System information queried: KernelDebuggerInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Memory allocated: page read and write | page guard
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_0111C2F6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_0111CC19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe Code function: 8_2_0111F732 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 2493D870000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 2E4A0F50000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 23FFE3A0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 17738CE0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 14F769B0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 1F349FA0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 1C475D50000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 171AEBB0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 1AA25DB0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 19023F80000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 20FBD7A0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 23F8CDA0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 20293F40000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 292BA6E0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 21FB6ED0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 18986150000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 278EEBA0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 29FC8EA0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\System32\svchost.exe base: 26EA8270000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: C:\Windows\System32\svchost.exe EIP: 3D870000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: C:\Windows\System32\svchost.exe EIP: A0F50000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: C:\Windows\System32\svchost.exe EIP: FE3A0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: C:\Windows\System32\svchost.exe EIP: 38CE0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: C:\Windows\System32\svchost.exe EIP: 769B0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 49FA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 75D50000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: AEBB0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 25DB0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 23F80000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: BD7A0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 8CDA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 93F40000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: BA6E0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: B6ED0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: 86150000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: EEBA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: C8EA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread created: unknown EIP: A8270000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 2493D870000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 2E4A0F50000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 23FFE3A0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 17738CE0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 14F769B0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 1F349FA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 1C475D50000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 171AEBB0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 1AA25DB0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 19023F80000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 20FBD7A0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 23F8CDA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 20293F40000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 292BA6E0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 21FB6ED0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 18986150000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 278EEBA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 29FC8EA0000
                  Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Windows\System32\svchost.exe base: 26EA8270000
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Registry value deleted: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\group policy objects\{4AF2285D-66F2-4E24-B224-4B0347864E29}Machine\SOFTWARE\Policies\Microsoft\Windows Defender DisableAntiSpyware
                  Source: C:\Windows\System32\svchost.exe Thread register set: target process: 60
                  Source: C:\Windows\System32\svchost.exe Thread register set: 60 4D000
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe "C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe "C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe "C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe "C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe "C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe "C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe"
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe Process created: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe "C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe"
                  Source: C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S
                  Source: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe Process created: C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe "C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" -h
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process created: C:\Users\user\AppData\Roaming\dIo5PnRp.exe "C:\Users\user\AppData\Roaming\dIo5PnRp.exe"
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe Process created: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe "C:\Users\user\AppData\Roaming\6Z9UYZuB.exe"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k WspService
                  Source: C:\Program Files (x86)\ccSearcher\ccsearcher.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "ccsearcher.exe" /f
                  Source: C:\Users\user\AppData\Roaming\dIo5PnRp.exe Process created: C:\Windows\SysWOW64\schtasks.exe /C /Query /XML /TN "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}"
                  Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe Process created: unknown unknown
                  Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe Process created: unknown unknown
                  Source: C:\Users\user\AppData\Roaming\6Z9UYZuB.exe Process created: unknown unknown
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "ccsearcher.exe" /f
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | Code function: 8_2_0111CA38 cpuid 8_2_0111CA38
                  Source: C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe | Code function: 8_2_01125345 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,8_2_01125345

                  Lowering of HIPS / PFW / Operating System Security Settings

                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | Registry key value created / modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\group policy objects\{4AF2285D-66F2-4E24-B224-4B0347864E29}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                  Source: C:\Users\user\Desktop\BLAoQPacf8.exe | File written: C:\Windows\System32\GroupPolicy\GPT.INI
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0000000D.00000003.440795161.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 38.2.dIo5PnRp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 15.2.38em7CPwWyzLEPAoMPchCiaK.exe.10ea84d.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 15.2.38em7CPwWyzLEPAoMPchCiaK.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 29.2.ccsearcher.exe.1ba0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 29.2.ccsearcher.exe.1ba0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 29.2.ccsearcher.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 29.2.ccsearcher.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0000001D.00000002.603100240.0000000001BA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000001D.00000002.591652469.0000000000400000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                  Source: C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe | File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\

                  Remote Access Functionality

                  Source: Yara match | File source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 13.3.4Luq2Awo847C90gLhrh33Vce.exe.d30e38.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0000000D.00000003.440795161.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 15.2.38em7CPwWyzLEPAoMPchCiaK.exe.10ea84d.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 15.2.38em7CPwWyzLEPAoMPchCiaK.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000F.00000003.531653272.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.549748652.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.559427747.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.551971341.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.455822144.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.485639220.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.562233299.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.518652474.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.498479637.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.552415581.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.554938607.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.462372522.0000000001130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.521141792.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.447653937.0000000001126000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.447783579.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.538614694.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.447015698.0000000001126000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
MITRE ATT&CK matrix, flattened from the report's grid into one line per tactic. Techniques whose matrix cell carries a hit badge are listed with the badge digits in square brackets exactly as extracted; the remaining entries are the empty cells of the matrix template (no signature hit for this sample).

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
Execution: [321] Windows Management Instrumentation; [1] Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
Persistence: [1] DLL Side-Loading; [1] Scheduled Task/Job; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron
Privilege Escalation: [1] DLL Side-Loading; [1] Bypass User Access Control; [511] Process Injection; [1] Scheduled Task/Job; Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron
Defense Evasion: [321] Disable or Modify Tools; [21] Obfuscated Files or Information; [251] Software Packing; [1] DLL Side-Loading; [1] Bypass User Access Control; [22] Masquerading; [1] Modify Registry; [581] Virtualization/Sandbox Evasion; [511] Process Injection; [1] Hidden Files and Directories; [1] Rundll32
Credential Access: [1] OS Credential Dumping; [1] Credential API Hooking; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
Discovery: [1] System Time Discovery; [3] File and Directory Discovery; [345] System Information Discovery; [981] Security Software Discovery; [11] Process Discovery; [581] Virtualization/Sandbox Evasion; [1] Application Window Discovery; [2] System Owner/User Discovery; [1] Remote System Discovery; Process Discovery; Permission Groups Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media
Collection: [1] Archive Collected Data; [2] Data from Local System; [1] Credential API Hooking; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; Exfiltration Over Physical Medium
Command and Control: [1] Encrypted Channel; [1] Application Layer Protocol; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact; Service Stop
Behavior Graph (ID 696535; sample BLAoQPacf8.exe; start date 02/09/2022; architecture WINDOWS; score 100). The graph is rendered below as an indented process tree; numbers in square brackets are the graph's own node numbers (they are not the sandbox process indices used in the unpacked-PE table). The pair of numbers printed after some process names are the graph's per-process counters for created files and registry values, reproduced in the order shown.

Top-level signatures: Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 22 other signatures

[2] start
  [10] BLAoQPacf8.exe (10 44)
      network: 87.240.132.72 VKONTAKTE-SPB-AShttpvkcomRU (Russian Federation); 95.142.206.0 VKONTAKTE-SPB-AShttpvkcomRU (Russian Federation); 12 other IPs or domains
      dropped: C:\Users\...\tCcv8lF4UYTMplGGrWDw5cWW.exe (PE32); C:\Users\...\c7rWZ6AD59zgrdOhi2rzdfQY.exe (PE32); C:\Users\...\Mvid01XiHg4mGe4qVGe0NVxb.exe (PE32); 13 other files (6 malicious)
      signatures: Query firmware table information (likely to detect VMs); Creates HTML files with .exe extension (expired dropper behavior); Disables Windows Defender (deletes autostart); 4 other signatures
    [21] 38em7CPwWyzLEPAoMPchCiaK.exe
        network: 5.252.118.33 QRATORRU (Russian Federation); 89.208.104.172 PSKSET-ASRU (Russian Federation); 89.185.85.53 OLIMP-SVYAZ-ASRU (Russian Federation)
        dropped: C:\Users\user\AppData\Roaming\dIo5PnRp.exe (PE32); C:\Users\user\AppData\Roaming\6Z9UYZuB.exe (PE32+); C:\Users\user\AppData\...\vcruntime140.dll (PE32); 6 other files (none is malicious)
        signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Query firmware table information (likely to detect VMs); Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets
      [34] dIo5PnRp.exe
          signatures: Multi AV Scanner detection for dropped file; Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Query firmware table information (likely to detect VMs); 4 other signatures
        [53] schtasks.exe
          [71] conhost.exe
        [55] schtasks.exe
          [73] conhost.exe
      [37] 6Z9UYZuB.exe
    [26] N2ANCtOGK6Q7WT1u6BEuU3DI.exe
        dropped: C:\Users\user\AppData\Local\...\is-SL6OH.tmp (PE32)
      [39] is-SL6OH.tmp
          dropped: C:\Program Files (x86)\...\ccsearcher.exe (PE32); C:\Users\user\AppData\Local\...\_shfoldr.dll (PE32); C:\Users\user\AppData\Local\...\_setup64.tmp (PE32+); 4 other files (none is malicious)
          signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
        [57] ccsearcher.exe
            network: 208.67.104.97 GRAYSON-COLLIN-COMMUNICATIONSUS (United States)
          [75] cmd.exe
            [81] conhost.exe
            [83] taskkill.exe
    [28] tCcv8lF4UYTMplGGrWDw5cWW.exe (15 2)
        network: 172.217.168.36 GOOGLEUS (United States)
        signatures: Hides threads from debuggers; Hides that the sample has been downloaded from the Internet (zone.identifier); Tries to detect sandboxes / dynamic malware analysis system (registry check)
    [32] 6 other processes
        network: 208.95.112.1 TUT-ASUS (United States); 149.154.167.99 TELEGRAMRU (United Kingdom); 5 other IPs or domains
        dropped: C:\Users\...\4yIhH87Es5hVNHcV28YUa6Ea.exe (PE32); C:\...\PowerControl_Svc.exe (PE32); C:\Users\user\AppData\Local\...\dJ9D2LWf.S5p (PE32); C:\Users\user\AppData\...\Service[1].exe (PE32)
      [44] Mvid01XiHg4mGe4qVGe0NVxb.exe
          network: 104.21.40.196 CLOUDFLARENETUS (United States); 172.67.188.70 CLOUDFLARENETUS (United States)
          dropped: C:\Users\user\AppData\Local\Temp\db.dll (PE32)
        [67] conhost.exe
      [47] conhost.exe
      [49] conhost.exe
      [51] regsvr32.exe
  [15] WmiPrvSE.exe
    [30] rundll32.exe
      [42] rundll32.exe
          signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Creates a thread in another existing process (thread injection)
        [60] svchost.exe (injected)
            signatures: Sets debug register (to hijack the execution of another thread); Modifies the context of a thread in another process (thread injection)
          [77] svchost.exe
              network: 34.142.181.181 ATGS-MMD-ASUS (United States)
              signatures: Query firmware table information (likely to detect VMs)
        [63] svchost.exe (injected)
        [65] svchost.exe (injected)
        [69] 2 other processes (injected)
  [17] svchost.exe
      network: 20.73.194.208 MICROSOFT-CORP-MSN-AS-BLOCKUS (United States)
  [19] 5 other processes

Antivirus results for the sample (Source | Detection | Scanner | Label):
BLAoQPacf8.exe | 68% | ReversingLabs | Win32.Backdoor.Zapchast
BLAoQPacf8.exe | 60% | Virustotal | -
BLAoQPacf8.exe | 50% | Metadefender | -
BLAoQPacf8.exe | 100% | Joe Sandbox ML | -
Antivirus results for dropped files (Source | Detection | Scanner | Label):
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | 100% | Avira | HEUR/AGEN.1213251
C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | 100% | Avira | HEUR/AGEN.1213251
C:\Program Files (x86)\ccSearcher\ccsearcher.exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\setup331[1].exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\installer[1].exe | 100% | Joe Sandbox ML | -
C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe | 100% | Joe Sandbox ML | -
Antivirus results for unpacked PE files (Source | Detection | Scanner | Label; the source is <process index>.<dump state>.<image name>.<base address>.<n>.unpack):
38.2.dIo5PnRp.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
33.0.svchost.exe.23ffe9b0000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
29.2.ccsearcher.exe.1ba0000.1.unpack | 100% | Avira | HEUR/AGEN.1215503
40.0.svchost.exe.17739340000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
8.0.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack | 100% | Avira | HEUR/AGEN.1213251
27.2.rundll32.exe.3120000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
15.0.38em7CPwWyzLEPAoMPchCiaK.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
40.2.svchost.exe.17739340000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
22.2.is-SL6OH.tmp.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
32.0.svchost.exe.2e4a1010000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
13.2.4Luq2Awo847C90gLhrh33Vce.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1210626
29.2.ccsearcher.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1250671
15.2.38em7CPwWyzLEPAoMPchCiaK.exe.10ea84d.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
38.0.dIo5PnRp.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
41.2.svchost.exe.14f76fb0000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
33.2.svchost.exe.23ffe9b0000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
28.0.svchost.exe.2493d930000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
12.3.N2ANCtOGK6Q7WT1u6BEuU3DI.exe.2084000.4.unpack | 100% | Avira | TR/ATRAPS.Gen
28.2.svchost.exe.2493d930000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
13.0.4Luq2Awo847C90gLhrh33Vce.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1210626
30.2.svchost.exe.246ab600000.1.unpack | 100% | Avira | TR/ATRAPS.Gen2
32.2.svchost.exe.2e4a1010000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
12.2.N2ANCtOGK6Q7WT1u6BEuU3DI.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
8.2.c7rWZ6AD59zgrdOhi2rzdfQY.exe.10e0000.0.unpack | 100% | Avira | HEUR/AGEN.1213251
41.0.svchost.exe.14f76fb0000.0.unpack | 100% | Avira | TR/ATRAPS.Gen2
15.2.38em7CPwWyzLEPAoMPchCiaK.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
Domains: no antivirus matches
Antivirus results for URLs (Source | Detection | Scanner | Label). Several entries are the same URL with a few bytes of adjacent memory glued to the end (installer.exeC:, installer.exen, installer.exe$, installer.exe.); the 0% font-vendor and library URLs are benign strings from embedded fonts and crypto libraries, not contacted hosts.
http://www.fontbureau.comessed | 0% | URL Reputation | safe
http://www.fontbureau.comalsF | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/8 | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/Y0 | 0% | URL Reputation | safe
http://www.sakkal.comX | 0% | URL Reputation | safe
http://www.galapagosdesign.com/ | 0% | URL Reputation | safe
http://www.fontbureau.come.com | 0% | URL Reputation | safe
http://www.fontbureau.comlvfet | 0% | URL Reputation | safe
http://www.carterandcone.com | 0% | URL Reputation | safe
https://smartectechnologies.com/12/TrdngAnr6339.exe | 0% | Avira URL Cloud | safe
http://62.204.41.123/installer.exeC: | 100% | Avira URL Cloud | malware
https://1landota.click/331_331/setup331.exe | 0% | Avira URL Cloud | safe
https://cdn.discordapp.cf | 100% | Avira URL Cloud | phishing
http://cachebleed.info. | 0% | Virustotal | -
http://cachebleed.info. | 0% | Avira URL Cloud | safe
http://www.isg.rhul.ac.uk/tls/ | 0% | Avira URL Cloud | safe
https://smartectechnologies.com/12/TrdngAnr6339.exe | 18% | Virustotal | -
https://analytics.tiktok.com | 0% | Avira URL Cloud | safe
https://1landota.click/331_331/setup331.exe | 1% | Virustotal | -
http://62.204.41.123/installer.exen | 100% | Avira URL Cloud | malware
http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). | 0% | Avira URL Cloud | safe
http://www.fontbureau.comcomk | 0% | Avira URL Cloud | safe
http://107.182.129.251/download/Service.exeivers | 100% | Avira URL Cloud | malware
http://www.fontbureau.comnc.nl | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/e( | 0% | Avira URL Cloud | safe
https://stats.vk-portal.net | 0% | Avira URL Cloud | safe
http://62.204.41.123/installer.exe$ | 100% | Avira URL Cloud | malware
http://107.182.129.251/download/Service.exe | 100% | Avira URL Cloud | malware
http://62.204.41.123/installer.exe. | 100% | Avira URL Cloud | malware
http://www.lothar.com/tech/crypto/ | 0% | Avira URL Cloud | safe
https://www.akkadia.org/drepper/SHA-crypt.txt | 0% | Avira URL Cloud | safe
http://www.fontbureau.comd-p | 0% | Avira URL Cloud | safe
https://smartectechnologies.com:80/12/TrdngAnr6339.exe | 0% | Avira URL Cloud | safe
http://www.fontbureau.comasF | 0% | Avira URL Cloud | safe
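The tables on this page reach most readers in the flattened form above, with the column separators lost, so before the IOCs can go into a blocklist or a hunt they have to be split back into fields. The script below is an added example written for this page; it is not part of the Joe Sandbox report and not Joe Security's tooling. It assumes (my assumption, not a documented format) that the first dot-separated field of a memory-dump id such as 0000000F.00000003.(...).sdmp is the sandbox process index in hexadecimal, which agrees with the unpacked-PE rows where process 15 is 38em7CPwWyzLEPAoMPchCiaK.exe. The rows embedded in it are copied from the tables on this page. It also shows the one trap a flattened URL row sets: "http://www.jiyu-kobo.co.jp/80%URL Reputationsafe" cannot be told apart from "/8" at 0% (which the memory-string table shows it to be), so the block list keys on the malware/phishing verdict and treats the percentage only as a review hint.

```python
"""Added example (not from the Joe Sandbox report): split the flattened
report rows back into fields and derive triage data from them.
Assumption: the first dot-separated field of a memory-dump id
(0000000F.00000003.(...).sdmp) is the sandbox process index in hex."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Scanner names as printed; "Avira URL Cloud" must precede "Avira" in the alternation.
SCANNERS = ("Avira URL Cloud", "URL Reputation", "Virustotal", "Metadefender",
            "ReversingLabs", "Joe Sandbox ML", "Avira")
ROW_RE = re.compile(r"^(?P<source>.+?)(?P<pct>\d{1,3})%(?P<scanner>"
                    + "|".join(map(re.escape, SCANNERS))
                    + r")(?P<label>.*?)(?:Download File)?$")
DUMP_RE = re.compile(r"\b(?P<pid>[0-9A-Fa-f]{8})\.[0-9A-Fa-f.]+\.sdmp\b")
UNPACK_RE = re.compile(r"^(?P<pid>\d+)\.\d+\.(?P<name>.+?)\.[0-9a-f]+\.\d+\.unpack$")
# Bytes glued onto a URL from adjacent memory ("C:", "$", "ivers"): the report
# lists the same installer.exe URL four times with different tails.
TAIL_RE = re.compile(r"(\.(?:exe|dll))\S*$", re.I)


def parse_row(line):
    """One 'Source / Detection / Scanner / Label' row -> dict, or None."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    return {"source": m["source"], "pct": int(m["pct"]),
            "scanner": m["scanner"], "label": m["label"]}


def process_names(unpack_rows):
    """Process index -> image name, from '<pid>.<n>.<name>.<addr>.<i>.unpack' sources."""
    names = {}
    for r in unpack_rows:
        m = UNPACK_RE.match(r["source"])
        if m:
            names[int(m["pid"])] = m["name"]
    return names


def yara_hits_by_process(yara_lines, names):
    """Count Yara-matched memory dumps per process (hex pid field; assumption)."""
    hits = Counter()
    for line in yara_lines:
        m = DUMP_RE.search(line)
        if m:
            pid = int(m["pid"], 16)
            hits[names.get(pid, f"pid {pid}")] += 1
    return dict(hits)


def triage_hosts(url_rows, review_pct=1):
    """'block': hosts with a malware/phishing verdict; 'review': hosts with any
    VirusTotal detections. The percentage is never trusted on a 'safe' row:
    'http://www.jiyu-kobo.co.jp/80%URL Reputationsafe' is ambiguous between
    '/8' at 0% and '/' at 80%, so font-vendor strings cannot end up blocked."""
    out = {"block": set(), "review": set()}
    for r in url_rows:
        if not r["source"].startswith(("http://", "https://")):
            continue
        host = urlsplit(TAIL_RE.sub(r"\1", r["source"])).hostname
        if r["label"] in ("malware", "phishing"):
            out["block"].add(host)
        elif r["scanner"] == "Virustotal" and r["pct"] >= review_pct:
            out["review"].add(host)
    return out


# Rows copied from the report tables above, in their flattened text form.
URL_ROWS = [
    "http://www.jiyu-kobo.co.jp/80%URL Reputationsafe",
    "https://smartectechnologies.com/12/TrdngAnr6339.exe0%Avira URL Cloudsafe",
    "https://smartectechnologies.com/12/TrdngAnr6339.exe18%VirustotalBrowse",
    "http://62.204.41.123/installer.exeC:100%Avira URL Cloudmalware",
    "https://cdn.discordapp.cf100%Avira URL Cloudphishing",
    "http://cachebleed.info.0%VirustotalBrowse",
    "http://107.182.129.251/download/Service.exeivers100%Avira URL Cloudmalware",
    "https://1landota.click/331_331/setup331.exe1%VirustotalBrowse",
]
UNPACK_ROWS = [
    "38.2.dIo5PnRp.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File",
    "15.0.38em7CPwWyzLEPAoMPchCiaK.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File",
    "22.2.is-SL6OH.tmp.400000.0.unpack100%AviraTR/Dropper.GenDownload File",
]
YARA_LINES = [
    "Source: Yara matchFile source: 0000000F.00000003.545294513.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY",
    "Source: Yara matchFile source: 0000000F.00000002.779000136.000000000112F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY",
    "Source: Yara matchFile source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY",
]


def triage():
    """Run the whole pipeline over the embedded rows."""
    url_rows = [r for r in map(parse_row, URL_ROWS) if r]
    unpack_rows = [r for r in map(parse_row, UNPACK_ROWS) if r]
    return {"hosts": triage_hosts(url_rows),
            "yara_hits": yara_hits_by_process(YARA_LINES, process_names(unpack_rows))}


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Over the embedded rows the block list comes out as 62.204.41.123, 107.182.129.251 and cdn.discordapp.cf, the review list as smartectechnologies.com and 1landota.click, and the Yara hits resolve to two dumps of 38em7CPwWyzLEPAoMPchCiaK.exe plus one of process 0 (the submitted sample, which has no unpacked-PE row to name it). The tail-stripping regex only matters for the path; the blocklist is built on hostnames so that the four variants of the installer.exe URL collapse into one entry.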
                  No contacted domains info
URLs found in memory (Name | Source | Malicious | Antivirus Detection | Reputation). Sources are given as process image followed by the memory-dump ids the string was found in.

https://gcc.gnu.org/bugs/):
  Source: BLAoQPacf8.exe: 00000000.00000003.361761761.0000000006035000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://smartectechnologies.com/12/TrdngAnr6339.exe
  Source: BLAoQPacf8.exe: 00000000.00000003.330753065.0000000004543000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.324932334.0000000004543000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.323520207.0000000004547000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.328956957.0000000004543000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.324388775.0000000004543000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.327677105.0000000004543000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: 18% Virustotal; Avira URL Cloud: safe | Reputation: unknown

http://cachebleed.info.
  Source: BLAoQPacf8.exe: 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: 0% Virustotal; Avira URL Cloud: safe | Reputation: unknown

https://ipinfo.io/https://db-ip.com/https://www.maxmind.com/en/locate-my-ip-addresshttps://ipgeoloca
  Source: BLAoQPacf8.exe: 00000000.00000003.308046151.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://st6-23.vk.com/dist/lottie.7d914fa3404556039ac3.js?ce04f009a75e25b9914f
  Source: BLAoQPacf8.exe: 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://cdn.discordapp.cf
  Source: BLAoQPacf8.exe: 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.323422008.0000000004587000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.323691903.0000000004587000.00000004.00000001.00020000.00000000.sdmp
  Malicious: true | Antivirus detection: Avira URL Cloud: phishing | Reputation: unknown

https://vk.com:80/doc743379129_647582399?hash=mQRYKUze4fwd4Zl44ZryWOfPAUHezklHRZfZQh3tiEL&dl=G42DGMZ
  Source: BLAoQPacf8.exe: 00000000.00000003.330873204.0000000004575000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://papi.vk.com/pushsse/ruim
  Source: BLAoQPacf8.exe: 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://st6-23.vk.com/dist/audioplayer.82fab98a266a96c3507a.js?295cfd9831585b86747208f
  Source: BLAoQPacf8.exe: 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://www.fontbureau.com/designers
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://telegram.org
  Source: BLAoQPacf8.exe: 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://www.fontbureau.comessed
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: URL Reputation: safe | Reputation: unknown

https://1landota.click/331_331/setup331.exe
  Source: BLAoQPacf8.exe: 00000000.00000003.342442347.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: 1% Virustotal; Avira URL Cloud: safe | Reputation: unknown

http://www.fontbureau.comalsF
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.612161450.0000000009811000.00000004.00000800.00020000.00000000.sdmp, 00000007.00000003.614079709.0000000009811000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: URL Reputation: safe | Reputation: unknown

https://ipinfo.io/Content-Type:
  Source: BLAoQPacf8.exe: 00000000.00000003.330904585.0000000005D05000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.326831505.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.327291060.0000000005CFC000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.325327356.0000000005D04000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.330042092.0000000005CFA000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://62.204.41.123/installer.exeC:
  Source: BLAoQPacf8.exe: 00000000.00000003.327645255.0000000004536000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.324339111.0000000004536000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.379265989.000000000453B000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.328936449.0000000004538000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.332861513.0000000004537000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.324919013.000000000453A000.00000004.00000001.00020000.00000000.sdmp
  Malicious: true | Antivirus detection: Avira URL Cloud: malware | Reputation: unknown

https://vk.com
  Source: BLAoQPacf8.exe: 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://www.google.com
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.432058507.00000000036E3000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://www.instagram.com
  Source: BLAoQPacf8.exe: 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://www.jiyu-kobo.co.jp/8
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.554358055.0000000009814000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: URL Reputation: safe | Reputation: unknown

https://sun6-21.userapi.com/c237331/u743379129/docs/d31/f82651545808/Galaxy_7.bmp?extra=G5XNfpEhdvCG
  Source: BLAoQPacf8.exe: 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://analytics.tiktok.com
  Source: BLAoQPacf8.exe: 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: Avira URL Cloud: safe | Reputation: unknown

https://sun6-21.userapi.com/?
  Source: BLAoQPacf8.exe: 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://yastatic.net
  Source: BLAoQPacf8.exe: 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://rt.openssl.org/Ticket/Display.html?id=2836.
  Source: BLAoQPacf8.exe: 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://www.isg.rhul.ac.uk/tls/
  Source: BLAoQPacf8.exe: 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: Avira URL Cloud: safe | Reputation: unknown

https://st6-23.vk.com/dist/web/likes.bd14b46915622488a35a.css
  Source: BLAoQPacf8.exe: 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

https://st6-23.vk.com/dist/web/docs.e63c0a8140ff1e11d6ae.js?
  Source: BLAoQPacf8.exe: 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false | Antivirus detection: none listed | Reputation: high

http://www.jiyu-kobo.co.jp/Y0
  Source: tCcv8lF4UYTMplGGrWDw5cWW.exe: 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, 00000007.00000003.555368243.0000000009814000.00000004.00000800.00020000.00000000.sdmp, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://st6-23.vk.com/dist/web/ui_common.bd14b46915622488a35a.cssBLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://62.204.41.123/installer.exenBLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        unknown
                                                        https://vk.com/doc743379129_647582426?hash=Ri1Uj29yeI52zoqUzqZoGm9MktdF1BQzeD27MH47fDw&dl=G42DGMZXHEBLAoQPacf8.exe, 00000000.00000003.328850249.0000000001CF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://vk.com:80/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJBLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.sakkal.comXtCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.562935805.0000000009811000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://st6-23.vk.com/css/al/uncommon.84f06003a992b59f7a86.cssBLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://vk.com/doc743379129_647553944?hash=RUzkh03sehOQ5DxuLDqCnRHhqt55SrrZhQogSNZEzCz&dl=G42DGMZXHEBLAoQPacf8.exe, 00000000.00000003.362093326.0000000001CFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://vk.com:80/doc743379129_647582426?hash=Ri1Uj29yeI52zoqUzqZoGm9MktdF1BQzeD27MH47fDw&dl=G42DGMZBLAoQPacf8.exe, 00000000.00000003.382303472.0000000001CEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://vk.com/away.php?to=https%3A%2F%2F1l-go.mail.ru%2Fr%2Fadid%2F3245029_2013344%2Fpid%2F102819%2BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://ton.twimg.comBLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://eprint.iacr.org/2007/039BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.galapagosdesign.com/tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.635385493.000000000980C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://st6-23.vk.com/dist/common.73e2145ecfc10ef6ac9d.js?29535731a7510e8d2adb0d7BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://vk.com/doc743379129_647509278?hash=SN7Eb0mNZVaZaZD18WXSJ2cGCvK5hGrWW2za85DM8dT&dl=G42DGMZXHEBLAoQPacf8.exe, 00000000.00000003.332752186.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://vk.com:80/doc743379129_647509278?hash=SN7Eb0mNZVaZaZD18WXSJ2cGCvK5hGrWW2za85DM8dT&dl=G42DGMZBLAoQPacf8.exe, 00000000.00000003.328850249.0000000001CF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.fontbureau.comcomktCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://107.182.129.251/download/Service.exeiversBLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              https://sun6-20.userapi.com/BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://vk.com/doc746114588_646325992?hash=LuhcCrhZuyYpXNOi0mdZvZUD5l1onzWolI8PqAiIGY4&dl=G42DMMJRGQBLAoQPacf8.exe, 00000000.00000003.382303472.0000000001CEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQBLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.fontbureau.comnc.nltCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.581316417.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.580896123.0000000009815000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://sun6-22.userapi.com/BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://login.vk.com/?act=logout&hash=30fa9c25119e16d3ff&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcrBLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://st6-23.vk.com/dist/web/ui_common.a6abbae213870a1d6df3.js?BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.fontbureau.come.comtCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.690406964.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.692252837.0000000009811000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://st6-23.vk.com/dist/bbd3772e7186114b708bce2cac0c3676.3c2cbcd43e9c477fc4f3.js?7800c15fde704ee3BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.jiyu-kobo.co.jp/e(tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.559446131.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560963052.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.561538304.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.558404415.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.560324261.0000000009814000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://st6-23.vk.com/dist/web/css_types.8f53544ca3d7e69ad08d.js?8fc29cc169b58ca6d004BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://vk.com:80/doc743379129_647553944?hash=RUzkh03sehOQ5DxuLDqCnRHhqt55SrrZhQogSNZEzCz&dl=G42DGMZBLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://stats.vk-portal.netBLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://62.204.41.123/installer.exe$BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324430975.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324989591.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327733090.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://cdn.discordapp.com:80/attachments/738909412961550448/999676559776546917/WW20_2022-07-19_10-1BLAoQPacf8.exe, 00000000.00000003.323380864.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.378960064.000000000457D000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327256612.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323520207.0000000004547000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.328777863.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330886986.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335702572.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324449911.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343305065.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324905294.000000000457F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://vk.com/doc743379129_647582399?hash=mQRYKUze4fwd4Zl44ZryWOfPAUHezklHRZfZQh3tiEL&dl=G42DGMZXHEBLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://tagmanager.google.comBLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://st6-23.vk.com/dist/web/sentry.d578a9f776ffe26f46e9.js?cfbdc5db59f97329368478691658ba1eBLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.fontbureau.com/designers/frere-jones.htmltCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603425124.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.602773883.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597952528.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.601024214.0000000009820000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599980418.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.598943821.000000000981F000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597884918.000000000981B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://s.ytimg.comBLAoQPacf8.exe, 00000000.00000003.321041976.0000000001CC6000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://wiki.openssl.org/index.php/Binaries.BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://vk.com/m32BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://ip-api.com/json/?fields=8198svchost.exe, 0000001E.00000002.881992927.00000246AD570000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://r.mradx.netBLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://sun6-21.userapi.com/c235031/u743379129/docs/d51/c924d07213d9/911.bmp?extra=gMDY-BJDp5kskfYnwBLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.fontbureau.comlvfettCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.581316417.0000000009812000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://st6-23.vk.com/css/al/common.d0bace0245d69fBLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://107.182.129.251/download/Service.exeBLAoQPacf8.exe, 00000000.00000003.328936449.0000000004538000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: malware
                                                                                                                        unknown
                                                                                                                        https://st6-23.vk.com/css/al/fonts_utf.9521539dd439e0c6a9c5.cssBLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://vk.com:80/doc743379129_647582284?hash=OOm3VcekZ6Bc04d6BATEwGzWFdStOJf100Dm7Kj5VW0&dl=G42DGMZBLAoQPacf8.exe, 00000000.00000003.330873204.0000000004575000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://st6-23.vk.com/dist/web/grip.7ada28367f5da83dade5.js?e819c1c3cb0630f94765d1aa684b92ebBLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00.BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://st6-23.vk.com/dist/web/jobs_devtools_notification.063ca481b5b6da7c2e3b.js?8d6f1578d61ad984a0BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://sun6-21.userapi.com/lBLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmpfalse
Reputation: high

Name: http://62.204.41.123/installer.exe.
Source: BLAoQPacf8.exe, 00000000.00000003.343276098.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324430975.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.382636810.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335568701.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.329003369.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.380056348.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.330832917.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324989591.0000000004565000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327733090.0000000004561000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323566684.0000000004568000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: malware
Reputation: unknown

Name: http://www.lothar.com/tech/crypto/
Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: http://www.stack.nl/~dimitri/doxygen/index.html
Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://static.vk.me
Source: BLAoQPacf8.exe, 00000000.00000003.321032724.0000000001CE7000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://sun6-20.userapi.com/c236331/u743379129/docs/d26/059051d765db/setup1.bmp?extra=cKjpvqfNskqSW0
Source: BLAoQPacf8.exe, 00000000.00000003.343163903.000000000453A000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.379326812.0000000004541000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343331769.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.346998511.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://st6-23.vk.com/css/al/ui_common.f84b667095c1513ae4a5.css
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://st6-23.vk.com/css/al/base.c38209f5b716d50b8c33.css
Source: BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.336813086.0000000001CEB000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://st6-23.vk.com
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335742685.0000000001CEF000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335502391.0000000004541000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://www.akkadia.org/drepper/SHA-crypt.txt
Source: BLAoQPacf8.exe, 00000000.00000003.308242299.00000000036A0000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://st6-23.vk.com/dist/web/unauthorized.87ce256ec55e2e3e5ca3.js?b414b642420ac2730c4b22b7d77ad654
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://st6-23.vk.com/dist/palette.4bf277d762d64ef3a7d6.js?b68dce9304b8c6b2f831
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://st6-23.vk.com/dist/web/raven_logger.623b77e762e28b5383ed.js?6abf3dfae84b9088c4f276393284dabd
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://vk.com/~
Source: BLAoQPacf8.exe, 00000000.00000003.321070662.0000000001CDA000.00000004.00000020.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.321056602.0000000001CD3000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://cdn.discordapp.com/
Source: BLAoQPacf8.exe, 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://www.fontbureau.comd-p
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.607187578.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.605320347.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.604502337.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://smartectechnologies.com:80/12/TrdngAnr6339.exe
Source: BLAoQPacf8.exe, 00000000.00000003.344518342.0000000004581000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327256612.000000000457F000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343443789.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.327588843.0000000004583000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.324327789.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323218774.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323422008.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.323691903.0000000004587000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.343331769.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.346998511.0000000004582000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.349079791.0000000004581000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: http://www.carterandcone.com
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.538266777.000000000982B000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.549173186.000000000982D000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539603366.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540329317.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539230398.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.538800231.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.537656298.000000000982B000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.540780727.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.539967105.000000000982C000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.543671630.000000000982D000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: http://www.fontbureau.comasF
Source: tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.599545739.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592826471.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.592034008.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.603017397.0000000009814000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.595868127.0000000009812000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.585878755.0000000009811000.00000004.00000800.00020000.00000000.sdmp, tCcv8lF4UYTMplGGrWDw5cWW.exe, 00000007.00000003.597571769.0000000009814000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://st6-23.vk.com/dist/web/common_web.c147345fc2dd7e810e73.js?
Source: BLAoQPacf8.exe, 00000000.00000003.320933884.0000000004531000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.335153246.0000000005BE1000.00000004.00000001.00020000.00000000.sdmp, BLAoQPacf8.exe, 00000000.00000003.320998650.0000000001CEC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high
IP | Domain | Country | ASN | ASN Name | Malicious
85.209.157.230 | unknown | Netherlands | 18978 | ENZUINC-US | false
94.228.116.72 | unknown | Russian Federation | 61333 | ASTRALUSDE | false
116.203.105.117 | unknown | Germany | 24940 | HETZNER-ASDE | false
87.240.132.72 | unknown | Russian Federation | 47541 | VKONTAKTE-SPB-AShttpvkcomRU | false
149.154.167.99 | unknown | United Kingdom | 62041 | TELEGRAMRU | false
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
62.204.41.123 | unknown | United Kingdom | 30798 | TNNET-ASTNNetOyMainnetworkFI | false
162.159.130.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false
20.73.194.208 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
95.142.206.0 | unknown | Russian Federation | 47541 | VKONTAKTE-SPB-AShttpvkcomRU | false
89.208.104.172 | unknown | Russian Federation | 42569 | PSKSET-ASRU | false
95.142.206.2 | unknown | Russian Federation | 47541 | VKONTAKTE-SPB-AShttpvkcomRU | false
95.142.206.1 | unknown | Russian Federation | 47541 | VKONTAKTE-SPB-AShttpvkcomRU | false
91.103.219.221 | unknown | United Kingdom | 198047 | UKWEB-EQXGB | false
34.117.59.81 | unknown | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
104.21.40.196 | unknown | United States | 13335 | CLOUDFLARENETUS | false
5.252.118.33 | unknown | Russian Federation | 197068 | QRATORRU | false
89.185.85.53 | unknown | Russian Federation | 41757 | OLIMP-SVYAZ-ASRU | false
163.123.143.4 | unknown | Reserved | 1767 | ILIGHT-NETUS | false
107.182.129.251 | unknown | Reserved | 11070 | META-ASUS | false
208.95.112.1 | unknown | United States | 53334 | TUT-ASUS | false
172.217.168.36 | unknown | United States | 15169 | GOOGLEUS | false
212.193.30.115 | unknown | Russian Federation | 57844 | SPD-NETTR | false
172.67.188.70 | unknown | United States | 13335 | CLOUDFLARENETUS | false
148.251.234.93 | unknown | Germany | 24940 | HETZNER-ASDE | false
208.67.104.97 | unknown | United States | 20042 | GRAYSON-COLLIN-COMMUNICATIONSUS | true
45.136.151.102 | unknown | Latvia | 18978 | ENZUINC-US | false
172.67.147.230 | unknown | United States | 13335 | CLOUDFLARENETUS | false
34.142.181.181 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
                                                                                                                                                            IP
                                                                                                                                                            192.168.2.1
                                                                                                                                                            Joe Sandbox Version:35.0.0 Citrine
                                                                                                                                                            Analysis ID:696535
                                                                                                                                                            Start date and time:2022-09-02 13:46:21 +02:00
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 16m 13s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Sample file name:BLAoQPacf8.exe
                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:47
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:5
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@63/74@0/30
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 100% (good quality ratio 95.3%)
                                                                                                                                                            • Quality average: 81.3%
                                                                                                                                                            • Quality standard deviation: 25.6%
                                                                                                                                                            HCA Information:Failed
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                            • Adjust boot time
                                                                                                                                                            • Enable AMSI
                                                                                                                                                            • Override analysis time to 240s for rundll32
                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe
• Not all processes were analyzed; the report is missing behavior information
                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
13:48:18  API Interceptor  27x Sleep call for process: ya8r1xvulFithxJ9UL7uu94j.exe modified
13:48:32  API Interceptor  1x Sleep call for process: svchost.exe modified
13:48:40  API Interceptor  4x Sleep call for process: Mvid01XiHg4mGe4qVGe0NVxb.exe modified
13:50:14  Task Scheduler   Run new task: Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E} path: C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe
13:50:25  Task Scheduler   Run new task: PowerControl HR path: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe
13:50:25  Task Scheduler   Run new task: PowerControl LG path: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe
13:51:28  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run csrss "C:\Windows\rss\csrss.exe"
13:51:30  Task Scheduler   Run new task: csrss path: C:\Windows\rss\csrss.exe
13:51:38  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run csrss "C:\Windows\rss\csrss.exe"
                                                                                                                                                            No context
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):410112
                                                                                                                                                            Entropy (8bit):6.362808688244883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NrkuBHTtY9Jgfq80nzm5tBD2AsG8x0Ca0Hv06A0md0OUGHLzmijOceK2HSw3pXqC:NrkIT/y8T5PVsSnXOc+HSQJKLw
                                                                                                                                                            MD5:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            SHA1:EADC9026E041F7013056F80E068ECF95940EA060
                                                                                                                                                            SHA-256:F0DC8FA1A18901AC46F4448E434C3885A456865A3A309840A1C4AC67FD56895B
                                                                                                                                                            SHA-512:DCC1DD25BBA19AAF75EC4A1A69DC215EB519E9EE3B8F7B1BD16164B736B3AA81389C076ED4E8A17A1CBFAEC2E0B3155DF039D1BCA3C7186CFEB9950369BCCF23
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe, Author: ditekSHen
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H\.i.\.i.\.i...j.V.i...l...i...m.M.i...j.J.i...l.w.i...m.I.i...h.U.i.\.h. .i...`.Y.i.....].i...k.].i.Rich\.i.........................PE..L...S..b.................Z...................p....@.......................................@.................................8...d....@.......................P...&..\...8...............................@............p...............................text.../Y.......Z.................. ..`.rdata..F....p.......^..............@..@.data........ ......................@....rsrc........@......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................................................................
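Each dropped-file entry carries the same fields: size, 8-bit entropy, an Encrypted flag and the MD5/SHA1/SHA-256 hashes. The Python below is an added example, not Joe Sandbox code, that recomputes the reproducible ones offline so a reader can check a local copy of a dropped file against the report. The 7.0 packed-file threshold is a general triage heuristic assumed for the example, not the rule behind the report's Encrypted flag; the byte buffers are constructed here to show the metric's extremes.

```python
"""Recompute the per-file metrics listed for each dropped file.

Added example, not Joe Sandbox code; the sample buffers are constructed here.
"""
import hashlib
import math
from collections import Counter


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_metrics(data: bytes) -> dict:
    """The hash and entropy fields the report lists per dropped file, computed offline."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": entropy_8bit(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
    }


# Assumption: a common triage heuristic, not Joe Sandbox's rule.  Whole-file
# entropy approaching 8 suggests packed or encrypted content; an ordinary
# unpacked PE such as the 410112-byte dropped executable above (6.36) sits
# well below it.
PACKED_THRESHOLD = 7.0


def looks_packed(data: bytes) -> bool:
    """True when whole-file entropy crosses the assumed packed/encrypted threshold."""
    return entropy_8bit(data) >= PACKED_THRESHOLD


# Constructed samples covering the extremes of the metric.
CONSTANT = bytes(4096)              # one symbol only        -> 0.0 bits/byte
UNIFORM = bytes(range(256)) * 16    # every byte value equal -> 8.0 bits/byte
TWO_SYMBOLS = b"\x00\xff" * 2048    # two equiprobable bytes -> 1.0 bit/byte

if __name__ == "__main__":
    for label, buf in (("constant", CONSTANT), ("uniform", UNIFORM), ("two-symbol", TWO_SYMBOLS)):
        print(label, file_metrics(buf)["Entropy (8bit)"], looks_packed(buf))
```

To compare a local file with an entry, read it in binary mode and pass the bytes to file_metrics; the hashes must match exactly, and the entropy should agree to the precision the report prints.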
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):4505597
                                                                                                                                                            Entropy (8bit):5.627430028659018
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:NHNYtvYtzYtFYtbYthYt7z+gV50E7u3epXWi8a+MXgB+:f+gVyxOpd9QB+
                                                                                                                                                            MD5:0545F55B7F65691C450919EE98E9C6B8
                                                                                                                                                            SHA1:C8F38ECDC90A4CE2B18F19F15A4E379A721D9A0F
                                                                                                                                                            SHA-256:8338B9F05765B0DDB973EAF84159868E6A1389A0172EA70FD32E30F39CF2B3E8
                                                                                                                                                            SHA-512:C9228888265F3BBDF846C5FB3B210AD85A494040BD28CD46F225B728D77B77C0A4A6428DFC1D724486BA955A75DE1EABAE4B6DF64552A26318A6DE0AB21B92A6
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..c.........."..........p......`.............@...........................$.....................................................................................................................................................................text....~..........................!..`.od3b8e..*.......0..................A..A.pd3b8f.............................@....qd3b90.............................@....rsrc.... ....... ..................@..A.react2...+.......+.................`...................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):356
                                                                                                                                                            Entropy (8bit):4.884558011565004
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:AySGO4KS/x4L8ThcSRFLk6XDuwOyoExvWmFuQUqvJrdt6YAhlAjyIDHAUXV4:Ayf3WPSPLkP/fEFWm/5v3t/byGgH
                                                                                                                                                            MD5:461D6293779BDEF19493C351344F2B71
                                                                                                                                                            SHA1:C441B7DAA5ABF8A2872D55F47585657147451C72
                                                                                                                                                            SHA-256:0C2BD3D1AEB04523291BC72424C802E36C1733E0B72FA775B9DD0A4E9CADE263
                                                                                                                                                            SHA-512:D41DBDF10A61CEDE90D68F1F7E351D9DA441026F7CF9C12AB6ADA017B185455DDBFED74760A3DD3D67ED10A9B1915E79F6ACFF70850B626C68CB1E2B22FC9C25
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:All checksum in MD5....completed.wav..8e46be5a4155710361181e3b67373404..history.rtf..1bfcde2b3d557cfb8b9004055d3a90f5..license_en.rtf..1ae62f00fc368364a2de668b3299d793..license_ru.rtf..fe7c9c6f6e8f720f886bcc65fa2d9b20..nsearcher.exe..c5e7acbda2f8bfa49bd9580120aac7b2..reset.bat..aaa149e55ddae6393fe099990747da94..unins.ico..b8ed55bf81883d2becf23fc020585214
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):272134
                                                                                                                                                            Entropy (8bit):6.156729185977344
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:TNKofL3cEjxCryOOYJH+8a1anwxrcSOQmlBkO+kKo:TNNzsEjxCryOOYvbnwxrcewf+1o
                                                                                                                                                            MD5:8E46BE5A4155710361181E3B67373404
                                                                                                                                                            SHA1:18A19A04DD6E4BFE6731E6978F2CB295E1C52174
                                                                                                                                                            SHA-256:32AB0D1DF26B0DCFE78D393A1F2534D1DAA5BABC6980017303ED925682CE19D0
                                                                                                                                                            SHA-512:5497EEF00048125D67551FBF22747654D97903F0622830299792159DC8532013191FB006A832E7CE2B4383EE2EC67B7B7C1D06C25CF34EEB118D050AC89DC3B7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:RIFF.&..WAVEfmt ........D.............LIST....INFOIART.... ..ICMT....mp3cut.ru ..ICRD.... ..INAM.... ..IPRD.... ..IPRT....1.ISFT....Lavf55.22.100.data.&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:Rich Text Format data, version 1, unknown character set
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):44381
                                                                                                                                                            Entropy (8bit):4.886111144563166
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:zDkO4WdW2OTYn/akuhSm9eDAmWZJ6Sr82Zeo75Y3kpTBLRA6AlEayr:zDEDhSm9aHZ/6A92
                                                                                                                                                            MD5:1BFCDE2B3D557CFB8B9004055D3A90F5
                                                                                                                                                            SHA1:678353ADC2CACD12555EF12F5D94FC03CD07707E
                                                                                                                                                            SHA-256:A8FBA72D4B1FB03EE40A9472430275499E361BBD74144D9956232EF2FDA0407A
                                                                                                                                                            SHA-512:DF9FDB20B2054328431AA5F0D0014D949AF4BE3BFC0CB1E3D77BEDD4626DEEA83FDA259352765C04985087E260EB03FF7B337C1D4D54878EC210EFBEA6A36AD1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\f34\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604030504040204}Verdana;}..{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Rom

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:Rich Text Format data, version 1, unknown character set
Category:dropped
Size (bytes):44381
Entropy (8bit):4.886111144563166
Encrypted:false
SSDEEP:384:zDkO4WdW2OTYn/akuhSm9eDAmWZJ6Sr82Zeo75Y3kpTBLRA6AlEayr:zDEDhSm9aHZ/6A92
MD5:1BFCDE2B3D557CFB8B9004055D3A90F5
SHA1:678353ADC2CACD12555EF12F5D94FC03CD07707E
SHA-256:A8FBA72D4B1FB03EE40A9472430275499E361BBD74144D9956232EF2FDA0407A
SHA-512:DF9FDB20B2054328431AA5F0D0014D949AF4BE3BFC0CB1E3D77BEDD4626DEEA83FDA259352765C04985087E260EB03FF7B337C1D4D54878EC210EFBEA6A36AD1
Malicious:false
Reputation:unknown
Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\f34\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604030504040204}Verdana;}..{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Rom

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):356
Entropy (8bit):4.884558011565004
Encrypted:false
SSDEEP:6:AySGO4KS/x4L8ThcSRFLk6XDuwOyoExvWmFuQUqvJrdt6YAhlAjyIDHAUXV4:Ayf3WPSPLkP/fEFWm/5v3t/byGgH
MD5:461D6293779BDEF19493C351344F2B71
SHA1:C441B7DAA5ABF8A2872D55F47585657147451C72
SHA-256:0C2BD3D1AEB04523291BC72424C802E36C1733E0B72FA775B9DD0A4E9CADE263
SHA-512:D41DBDF10A61CEDE90D68F1F7E351D9DA441026F7CF9C12AB6ADA017B185455DDBFED74760A3DD3D67ED10A9B1915E79F6ACFF70850B626C68CB1E2B22FC9C25
Malicious:false
Reputation:unknown
Preview:All checksum in MD5....completed.wav..8e46be5a4155710361181e3b67373404..history.rtf..1bfcde2b3d557cfb8b9004055d3a90f5..license_en.rtf..1ae62f00fc368364a2de668b3299d793..license_ru.rtf..fe7c9c6f6e8f720f886bcc65fa2d9b20..nsearcher.exe..c5e7acbda2f8bfa49bd9580120aac7b2..reset.bat..aaa149e55ddae6393fe099990747da94..unins.ico..b8ed55bf81883d2becf23fc020585214

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):20
Entropy (8bit):3.3086949695628416
Encrypted:false
SSDEEP:3:IU4n:X4n
MD5:AAA149E55DDAE6393FE099990747DA94
SHA1:F3011A304194E8AA27E0E29E49F8F2C81EAECDBD
SHA-256:E2C57F46196C1BA3EF69792DEDF532F2A2286BA876E5BB6091C6B173D2E7C5BB
SHA-512:15121C5C5ECB404BE5E734BE437D744B8FCDB34DDD46D69E5F18CA23E4D74B79B605B9B41973989772432035332D24FFA310F78AF6F44F44C731D416F4A949AB
Malicious:false
Reputation:unknown
Preview:nSearcher.exe /reset

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:Rich Text Format data, version 1, unknown character set
Category:dropped
Size (bytes):44011
Entropy (8bit):5.026565347530582
Encrypted:false
SSDEEP:384:em3cWBnPz+p/zWFHQ1QDGteo75Y3kpTBLRA6AlEayF:emsuQ1WGIZ/6A9U
MD5:1AE62F00FC368364A2DE668B3299D793
SHA1:E4E32C3EDC269987E39FDC0883F589CECF9604B4
SHA-256:F9FF5B54BB1EBEECCC4104A62E32CAB4556DD75A5F76260E720485D5CC39D7E8
SHA-512:844F4116FD8FF13B144D6D16DE695F7600283DC0B573CAAB5AE74573301B235AC234CE59D1D30BE8FB8ABBA3DFD27EDF8C53A7E0CD5320C23008B5F354377527
Malicious:false
Reputation:unknown
Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f34\fbidi \froman\fcharset1\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 00000000000000000000}Verdana;}{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}..{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):684313
Entropy (8bit):6.465960403665788
Encrypted:false
SSDEEP:12288:74mxWBLxEArPb37VzHZA6xNAwtmVNxE7UwRJWcUu7OLxG4:8mxWBLxEArPb37VzHZA6FtmAhUuiLxG4
MD5:4ED1688FA392C88A83E56C408EC9E013
SHA1:3C46C248695A47846618EADDC8BFFB25E25ADDD0
SHA-256:28FFAFB31D044DB5A141ED2FCADAFAD2A64C0A537D9AB937939FDBF710E0830B
SHA-512:F202BB2F9A5BB089876468F4C5015D6B04BBB2D2D7C04D335EDD2797862C7E14362329D18A80032818D62AFDAC37398B1C7F6CC34FC0E8F35420C17FC1A8F7F8
Malicious:false
Reputation:unknown
Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@..............................<%.......<...................................................P......................................................CODE................................ ..`DATA....`...........................@...BSS.....`................................idata..<%.......&..................@....tls.........@...........................rdata.......P......................@..P.reloc......`......................@..P.rsrc....<.......<..................@..P.............0......................@..P........................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:data
Category:dropped
Size (bytes):4505597
Entropy (8bit):5.627429492246494
Encrypted:false
SSDEEP:49152:sHNYtvYtzYtFYtbYthYt7z+gV50E7u3epXWi8a+MXgB+:q+gVyxOpd9QB+
MD5:A48F39C52BEE63D596FEC8E67EBE030E
SHA1:1F8F6E9E105F0FDDE46689A3A61B0E8CB727E0F1
SHA-256:ACD1876172ED3D0DC80BE42877EEB964C04CAA7A6322D9F89CD79FC18DFE1A16
SHA-512:5E0B633CAC6CFDAF2D2E75AAC15A2425B8FB911AF55B4D6BA958D371368AD0A86B2F865D02E52D4176C38EDE63439034B3384E166CD53579519998CBA9671264
Malicious:false
Reputation:unknown
Preview:.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..c.........."..........p......`.............@...........................$.....................................................................................................................................................................................text....~..........................!..`.od3b8e..*.......0..................A..A.pd3b8f.............................@....qd3b90.............................@....rsrc.... ....... ..................@..A.react2...+.......+.................`...................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:Rich Text Format data, version 1, unknown character set
Category:dropped
Size (bytes):51922
Entropy (8bit):4.912794307456054
Encrypted:false
SSDEEP:384:eA3cWBnPz+p/zWFHQ1Qp0SEW5FRLU+cB9nGog4jy6XFsa0eo75Y3kpTBLRA6AlE8:eAsuQ1IV75knFBV6ahZ/6A9r
MD5:FE7C9C6F6E8F720F886BCC65FA2D9B20
SHA1:2775F12A0BABDEE5CEEDB08452EF72732E49F13C
SHA-256:B3F54F1D0C3EA747CC52BAD1B363815B9297088CACDF1398C8CFD7F8054CE2BB
SHA-512:ABBFE43FBE4827C9CEDA8D1FDD3DB3B344E99E0CDC3512E4EF84F965F882BA5E3822A407AC1F974D1986F1CDA645A20C1D00CD16262200FE39574AEFF12F6A1A
Malicious:false
Reputation:unknown
Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f34\fbidi \froman\fcharset1\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604030504040204}Verdana;}{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}..{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:dropped
Size (bytes):134921
Entropy (8bit):6.105680271090377
Encrypted:false
SSDEEP:1536:blivjgxiL8DUPKKh1EQ3Zeyo0aIWeTjXV0/KwIhFvyt2M5BH2w:bV4lfptKIW6F0JIzw2M5B1
MD5:B8ED55BF81883D2BECF23FC020585214
SHA1:43F6DE28C98380B2FFBA0B29F381EB8408E6F691
SHA-256:C63B20B68FABD4DF695389494235345CC95CF7E1826896EE6393F0E402B565DA
SHA-512:E1CB9501575B4CD66AFD6C67BE2AECA1615E9C37C2B37E68A645B21BB6B2CAAE88CAF0EC8BE3513AD72896AB6A870154D17A56F71E50D51581F00C706553B10D
Malicious:false
Reputation:unknown
Preview:......00.... ..%..v... .... ......&........ .h....6........ ......;........ .(...1...@@.... .(B..Y......... .........(...0...`..... ......%.............................................................................................................................................................................................................................................................................................<...^...x.....................}...b...A...!...................................................................................................................................X.................................................................]...................................................................................................................J...................................................................................3.......................................................................................................d......................

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
Category:dropped
Size (bytes):272134
Entropy (8bit):6.156729185977344
Encrypted:false
SSDEEP:6144:TNKofL3cEjxCryOOYJH+8a1anwxrcSOQmlBkO+kKo:TNNzsEjxCryOOYvbnwxrcewf+1o
MD5:8E46BE5A4155710361181E3B67373404
SHA1:18A19A04DD6E4BFE6731E6978F2CB295E1C52174
SHA-256:32AB0D1DF26B0DCFE78D393A1F2534D1DAA5BABC6980017303ED925682CE19D0
SHA-512:5497EEF00048125D67551FBF22747654D97903F0622830299792159DC8532013191FB006A832E7CE2B4383EE2EC67B7B7C1D06C25CF34EEB118D050AC89DC3B7
Malicious:false
Reputation:unknown
Preview:RIFF.&..WAVEfmt ........D.............LIST....INFOIART.... ..ICMT....mp3cut.ru ..ICRD.... ..INAM.... ..IPRD.... ..IPRT....1.ISFT....Lavf55.22.100.data.&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
File Type:Rich Text Format data, version 1, unknown character set
Category:dropped
Size (bytes):44011
Entropy (8bit):5.026565347530582
Encrypted:false
SSDEEP:384:em3cWBnPz+p/zWFHQ1QDGteo75Y3kpTBLRA6AlEayF:emsuQ1WGIZ/6A9U
MD5:1AE62F00FC368364A2DE668B3299D793
SHA1:E4E32C3EDC269987E39FDC0883F589CECF9604B4
SHA-256:F9FF5B54BB1EBEECCC4104A62E32CAB4556DD75A5F76260E720485D5CC39D7E8
SHA-512:844F4116FD8FF13B144D6D16DE695F7600283DC0B573CAAB5AE74573301B235AC234CE59D1D30BE8FB8ABBA3DFD27EDF8C53A7E0CD5320C23008B5F354377527
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f34\fbidi \froman\fcharset1\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 00000000000000000000}Verdana;}{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}..{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:Rich Text Format data, version 1, unknown character set
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):51922
                                                                                                                                                            Entropy (8bit):4.912794307456054
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:eA3cWBnPz+p/zWFHQ1Qp0SEW5FRLU+cB9nGog4jy6XFsa0eo75Y3kpTBLRA6AlE8:eAsuQ1IV75knFBV6ahZ/6A9r
                                                                                                                                                            MD5:FE7C9C6F6E8F720F886BCC65FA2D9B20
                                                                                                                                                            SHA1:2775F12A0BABDEE5CEEDB08452EF72732E49F13C
                                                                                                                                                            SHA-256:B3F54F1D0C3EA747CC52BAD1B363815B9297088CACDF1398C8CFD7F8054CE2BB
                                                                                                                                                            SHA-512:ABBFE43FBE4827C9CEDA8D1FDD3DB3B344E99E0CDC3512E4EF84F965F882BA5E3822A407AC1F974D1986F1CDA645A20C1D00CD16262200FE39574AEFF12F6A1A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f34\fbidi \froman\fcharset1\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f39\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604030504040204}Verdana;}{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria;}..{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\flominor\f31504\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbminor\f31505\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20
                                                                                                                                                            Entropy (8bit):3.3086949695628416
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:IU4n:X4n
                                                                                                                                                            MD5:AAA149E55DDAE6393FE099990747DA94
                                                                                                                                                            SHA1:F3011A304194E8AA27E0E29E49F8F2C81EAECDBD
                                                                                                                                                            SHA-256:E2C57F46196C1BA3EF69792DEDF532F2A2286BA876E5BB6091C6B173D2E7C5BB
                                                                                                                                                            SHA-512:15121C5C5ECB404BE5E734BE437D744B8FCDB34DDD46D69E5F18CA23E4D74B79B605B9B41973989772432035332D24FFA310F78AF6F44F44C731D416F4A949AB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:nSearcher.exe /reset
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):134921
                                                                                                                                                            Entropy (8bit):6.105680271090377
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:blivjgxiL8DUPKKh1EQ3Zeyo0aIWeTjXV0/KwIhFvyt2M5BH2w:bV4lfptKIW6F0JIzw2M5B1
                                                                                                                                                            MD5:B8ED55BF81883D2BECF23FC020585214
                                                                                                                                                            SHA1:43F6DE28C98380B2FFBA0B29F381EB8408E6F691
                                                                                                                                                            SHA-256:C63B20B68FABD4DF695389494235345CC95CF7E1826896EE6393F0E402B565DA
                                                                                                                                                            SHA-512:E1CB9501575B4CD66AFD6C67BE2AECA1615E9C37C2B37E68A645B21BB6B2CAAE88CAF0EC8BE3513AD72896AB6A870154D17A56F71E50D51581F00C706553B10D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:......00.... ..%..v... .... ......&........ .h....6........ ......;........ .(...1...@@.... .(B..Y......... .........(...0...`..... ......%.............................................................................................................................................................................................................................................................................................<...^...x.....................}...b...A...!...................................................................................................................................X.................................................................]...................................................................................................................J...................................................................................3.......................................................................................................d......................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3778
                                                                                                                                                            Entropy (8bit):4.475438159112654
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:50CKp8lD8zpVLoIohqYOIhfrCO2UIWClMVxxph:5/KpMD8zpVLg0Ihv
                                                                                                                                                            MD5:606E8C3BDCE7480FF54D6A5467011BD2
                                                                                                                                                            SHA1:8710382DA4AF7B72655326743118743EF51C68A7
                                                                                                                                                            SHA-256:932631F450CCCB05F9F3537336C378825A3BD751E3803100614C483A94AFF914
                                                                                                                                                            SHA-512:6E8FE7D7CEF6865EDD0A7EC29978572DFF41F4A1411556329DFBCFD81503073D160EFA62C65B3BAB8E6B21FB48DC9DC2219C6DEA24CB250246821456250026A1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:Inno Setup Uninstall Log (b)....................................{12B3548E-91B4-4910-9006-6843A25371E9}..........................................................................................CCSearcher......................................................................................................................-...........%................................................................................................................:..........~.c......B....760639.user!C:\Program Files (x86)\ccSearcher...........0.+.H.. ..........T.IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..'...dll:kernel32.dll.CreateFileA.............#...dll:kernel32.dll.WriteFile...........!...dll:kernel32.dll.CloseHandle.......!...dll:kernel32.dll.ExitProcess.......$...dll:User32.dll.GetSystemMetr
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):684313
                                                                                                                                                            Entropy (8bit):6.465960403665788
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:74mxWBLxEArPb37VzHZA6xNAwtmVNxE7UwRJWcUu7OLxG4:8mxWBLxEArPb37VzHZA6FtmAhUuiLxG4
                                                                                                                                                            MD5:4ED1688FA392C88A83E56C408EC9E013
                                                                                                                                                            SHA1:3C46C248695A47846618EADDC8BFFB25E25ADDD0
                                                                                                                                                            SHA-256:28FFAFB31D044DB5A141ED2FCADAFAD2A64C0A537D9AB937939FDBF710E0830B
                                                                                                                                                            SHA-512:F202BB2F9A5BB089876468F4C5015D6B04BBB2D2D7C04D335EDD2797862C7E14362329D18A80032818D62AFDAC37398B1C7F6CC34FC0E8F35420C17FC1A8F7F8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@..............................<%.......<...................................................P......................................................CODE................................ ..`DATA....`...........................@...BSS.....`................................idata..<%.......&..................@....tls.........@...........................rdata.......P......................@..P.reloc......`......................@..P.rsrc....<.......<..................@..P.............0......................@..P........................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):94208
                                                                                                                                                            Entropy (8bit):1.287139506398081
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                                                                                                                            MD5:292F98D765C8712910776C89ADDE2311
                                                                                                                                                            SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                                                                                                                            SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                                                                                                                            SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):28672
                                                                                                                                                            Entropy (8bit):0.4393511334109407
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLqlj1czkwubXYFpFNYcw+6UwcYzHrSl:TyxcYwuLopFgU1YzLSl
                                                                                                                                                            MD5:8C31C5487A97BBE73711C5E20600C1F6
                                                                                                                                                            SHA1:D4D6B04226D8FFC894749B3963E7DB7068D6D773
                                                                                                                                                            SHA-256:A1326E74262F4B37628F2E712EC077F499B113181A1E937E752D046E43F1689A
                                                                                                                                                            SHA-512:394391350524B994504F4E748CCD5C3FA8EF980AED850A5A60F09250E8261AC8E300657CBB1DBF305729637BC0E1F043E57799E2A35C82EEA3825CE5C9E7051D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):49152
                                                                                                                                                            Entropy (8bit):0.7876734657715041
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                                                                                            MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                                                                                            SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                                                                                            SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                                                                                            SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):94208
                                                                                                                                                            Entropy (8bit):1.287139506398081
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                                                                                                                            MD5:292F98D765C8712910776C89ADDE2311
                                                                                                                                                            SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                                                                                                                            SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                                                                                                                            SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):684984
                                                                                                                                                            Entropy (8bit):6.857030838615762
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
                                                                                                                                                            MD5:15B61E4A910C172B25FB7D8CCB92F754
                                                                                                                                                            SHA1:5D9E319C7D47EB6D31AAED27707FE27A1665031C
                                                                                                                                                            SHA-256:B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
                                                                                                                                                            SHA-512:7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):627128
                                                                                                                                                            Entropy (8bit):6.792651884784197
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
                                                                                                                                                            MD5:F07D9977430E762B563EAADC2B94BBFA
                                                                                                                                                            SHA1:DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
                                                                                                                                                            SHA-256:4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
                                                                                                                                                            SHA-512:6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):449280
                                                                                                                                                            Entropy (8bit):6.670243582402913
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
                                                                                                                                                            MD5:1FB93933FD087215A3C7B0800E6BB703
                                                                                                                                                            SHA1:A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
                                                                                                                                                            SHA-256:2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
                                                                                                                                                            SHA-512:79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2042296
                                                                                                                                                            Entropy (8bit):6.775178510549486
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
                                                                                                                                                            MD5:F67D08E8C02574CBC2F1122C53BFB976
                                                                                                                                                            SHA1:6522992957E7E4D074947CAD63189F308A80FCF2
                                                                                                                                                            SHA-256:C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
                                                                                                                                                            SHA-512:2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):254392
                                                                                                                                                            Entropy (8bit):6.686038834818694
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
                                                                                                                                                            MD5:63A1FE06BE877497C4C2017CA0303537
                                                                                                                                                            SHA1:F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
                                                                                                                                                            SHA-256:44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
                                                                                                                                                            SHA-512:0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1099223
                                                                                                                                                            Entropy (8bit):6.502588297211263
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+
                                                                                                                                                            MD5:DBF4F8DCEFB8056DC6BAE4B67FF810CE
                                                                                                                                                            SHA1:BBAC1DD8A07C6069415C04B62747D794736D0689
                                                                                                                                                            SHA-256:47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
                                                                                                                                                            SHA-512:B572CA2F2E4A5CC93E4FCC7A18C0AE6DF888AA4C55BC7DA591E316927A4B5CFCBDDA6E60018950BE891FF3B26F470CC5CCE34D217C2D35074322AB84C32A25D1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n*................................... ...;...................................................................................text...............................`.P`.data...|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n*.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):80128
                                                                                                                                                            Entropy (8bit):6.906674531653877
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
                                                                                                                                                            MD5:1B171F9A428C44ACF85F89989007C328
                                                                                                                                                            SHA1:6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
                                                                                                                                                            SHA-256:9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
                                                                                                                                                            SHA-512:99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Program Files (x86)\ccSearcher\ccsearcher.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:V:V
                                                                                                                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:0
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):410112
                                                                                                                                                            Entropy (8bit):6.362808688244883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NrkuBHTtY9Jgfq80nzm5tBD2AsG8x0Ca0Hv06A0md0OUGHLzmijOceK2HSw3pXqC:NrkIT/y8T5PVsSnXOc+HSQJKLw
                                                                                                                                                            MD5:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            SHA1:EADC9026E041F7013056F80E068ECF95940EA060
                                                                                                                                                            SHA-256:F0DC8FA1A18901AC46F4448E434C3885A456865A3A309840A1C4AC67FD56895B
                                                                                                                                                            SHA-512:DCC1DD25BBA19AAF75EC4A1A69DC215EB519E9EE3B8F7B1BD16164B736B3AA81389C076ED4E8A17A1CBFAEC2E0B3155DF039D1BCA3C7186CFEB9950369BCCF23
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Service[1].exe, Author: ditekSHen
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H\.i.\.i.\.i...j.V.i...l...i...m.M.i...j.J.i...l.w.i...m.I.i...h.U.i.\.h. .i...`.Y.i.....].i...k.].i.Rich\.i.........................PE..L...S..b.................Z...................p....@.......................................@.................................8...d....@.......................P...&..\...8...............................@............p...............................text.../Y.......Z.................. ..`.rdata..F....p.......^..............@..@.data........ ......................@....rsrc........@......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):616448
                                                                                                                                                            Entropy (8bit):5.164277290666237
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:KLuAvRbXvC79gVoA550CbeoLFroWiYfQ82bAGpMTO0I6:KLuAv9vo9gVoA57TLiEhGgO8
                                                                                                                                                            MD5:6590C006DA1047AB975529D3ED46619A
                                                                                                                                                            SHA1:397D8C152FBF0B746AEB7E69141C662297AA9379
                                                                                                                                                            SHA-256:1C986AFB6B41D43BBC3D526DAD0629C3903AED6F88E0D4A86014748617DFAB5A
                                                                                                                                                            SHA-512:C9FEE15FD842CA4614AEA06C48EE51D143B9E4F187C16533762D4CD831910D38E163AAA0C639D72FBB4A3E57D81DE31FB58DB40C63546CF3A4D609D17BF8CA0F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........zuP.............c.......c.......c.......c.......c.......p..............kb......kb......kb......Rich....................PE..L...6{.c...............!.....T......2........0....@..........................@............@.................................t5......................................02..8...........................p1..@............0...............................text...t........................... ..`.rdata.......0......................@..@.data...,E...@...B...$..............@....reloc...............f..............@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3210240
                                                                                                                                                            Entropy (8bit):7.948059560743614
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:mHjaMebZao0p4kwkC/yRLmsH5NnyjqCgcg:mH2vaoy3wkC/yRLb5Nny
                                                                                                                                                            MD5:106078BB0964B75800DA2013419239D9
                                                                                                                                                            SHA1:44F3C39446CEBB7349697703CC88BD0C014B6C7E
                                                                                                                                                            SHA-256:7E0BD7043B674F37A6C086FCD8AA5DDB0EC4BA675E4860E30F88ABE3CFE4B879
                                                                                                                                                            SHA-512:E9172ECBDDC2D11291D6DA05A65D967984C72317D525451AD13DBD6931B5B1BF580237926A4F6CD40D265F5B559EFAA961352E348CE22827B3E52552CA618B7E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w;.......................X......pCN.. ........@.. ........................x.......1...`.................................:`..P........U.......................................................................................................... ..... ...................... ..`.rsrc....U.......V..................@..@ .....@.......j..............@..B.idata... ...`.......l..............@....themida..D..........n..............`....boot.....*..@N...*..n..............`..`................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1473775
                                                                                                                                                            Entropy (8bit):7.898388114496262
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:I/XEXjJSFHUKr4Uk0z1YBuCBuxFuxolmK3ywCfl1MGC6vUnbDB3LDh/Kis4Zt:I/oSrU2ruSmK3hYlfXcZ3Lli4Zt
                                                                                                                                                            MD5:47D8824241636F9895D127858B55401F
                                                                                                                                                            SHA1:C3EC120E33E0723FBE509DCBF08E1605986B43D6
                                                                                                                                                            SHA-256:EDA1406B045F2BBCBFA4F46B5995B995AFE5EBC81EB17FB04907D29C00EB484F
                                                                                                                                                            SHA-512:B023A708CF205739E1873EACA901ABED1D76C82E45AD014CC2BB9638C36F1EFF6FE6586DC92B36C695B414733E13BB482C5DD5CD719AD6396DFCE6141CCA3D08
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..............U...U...UM.RU.UM.PUt..UM.QU.UX.^U...UX..T.UX..T.UX..T..U.. U.U..0U...U...U...U...T..U...T...U..\U...U...T...URich...U........................PE..L....U.a.................b...........B............@.......................................@.............................4...4...<...............................X(......T...........................h...@............... ............................text....`.......b.................. ..`.rdata..t............f..............@..@.data...8]...0......................@....didat..`...........................@....rsrc...............................@..@.reloc..X(.......*..................@..B................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3949568
                                                                                                                                                            Entropy (8bit):7.826047385956034
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:5Hlmczc++8BF8C6By21hlcOUEFDKMYrY5ok8:rmUcjny4lcvKODYb8
                                                                                                                                                            MD5:77D8DF4427C8B1A28C8D2591A9C92A70
                                                                                                                                                            SHA1:9A0E1CA712F93F4AB30B162F5C9B04D9C825F1F9
                                                                                                                                                            SHA-256:00CBD7C3427B9D2E960BD1D3FB04D3897A7C53486B52E5C42F0C2C6678A63762
                                                                                                                                                            SHA-512:8204C35C4B4AA6A15C4D32D8600D0792E21296AF633FC0AB45141ABDFD7BCF0FB9B96A972F7734E01CA0EE9002D0E730F6380C5593ED0CA5E534C7C48ED83B98
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...\n.c..........#...................T........@............................. j........... ................................................. c8.......j.......i.............................................;/.0...P.i.8............................................text.............................. ..`.rdata..|V..........................@..@.data........0......................@....pdata..............................@..@_RDATA.......`......................@..@.vmp0...|_...p......................`..`.vmp1...t=<...-..><.................`..h.rsrc.........j......B<.............@..@................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):410112
                                                                                                                                                            Entropy (8bit):6.362808688244883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NrkuBHTtY9Jgfq80nzm5tBD2AsG8x0Ca0Hv06A0md0OUGHLzmijOceK2HSw3pXqC:NrkIT/y8T5PVsSnXOc+HSQJKLw
                                                                                                                                                            MD5:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            SHA1:EADC9026E041F7013056F80E068ECF95940EA060
                                                                                                                                                            SHA-256:F0DC8FA1A18901AC46F4448E434C3885A456865A3A309840A1C4AC67FD56895B
                                                                                                                                                            SHA-512:DCC1DD25BBA19AAF75EC4A1A69DC215EB519E9EE3B8F7B1BD16164B736B3AA81389C076ED4E8A17A1CBFAEC2E0B3155DF039D1BCA3C7186CFEB9950369BCCF23
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Service[1].exe, Author: ditekSHen
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H\.i.\.i.\.i...j.V.i...l...i...m.M.i...j.J.i...l.w.i...m.I.i...h.U.i.\.h. .i...`.Y.i.....].i...k.].i.Rich\.i.........................PE..L...S..b.................Z...................p....@.......................................@.................................8...d....@.......................P...&..\...8...............................@............p...............................text.../Y.......Z.................. ..`.rdata..F....p.......^..............@..@.data........ ......................@....rsrc........@......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):86020
                                                                                                                                                            Entropy (8bit):6.234321563520327
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:/DhT6pCC4WHI9yAB7Ugax3pE/km8J641z1LcP6dp8pWAj:7hTIvzHwrWe/aJ6oz1wP6dpOWAj
                                                                                                                                                            MD5:B6F643332EC81DBF0444E9B977BFD076
                                                                                                                                                            SHA1:E615469F60E833C0C27D040DB680A91DD1A090D5
                                                                                                                                                            SHA-256:9D8DA0A303DF18BC3F7964E695F8C58A40E229953B1D3EE64C7D6D3FAD88CD3E
                                                                                                                                                            SHA-512:CE2A35F634E3860FA6631350429FCBC530DC255C574044669C04F4A95FA2353C29E4F730390E267B008EAECA25E368080F561BD479A5E814C84E29046DDB80B3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:...]............bb..%..........................................m.....'..).P.%..P.............................................?^j.{?..{?..{?...0[.z?..\.y.o?..\.j.J?..\.i..?...0Y.|?..{?...?..\.v.y?..\.|.z?......{?................................H..........}........}.........i........m....................................4...............................................-..........................................................................m.....................................B.......}.............................K....m.......m........................y.............................]........-.......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5239604
                                                                                                                                                            Entropy (8bit):7.716925851554638
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:i7F2Ele5dMug8foEIWnmzonddH60WG9mHSrAOQ3jC82lQzpAFh9pp3Na7fi2mPD0:GF2YjHnO3D60aSpQ3jWl6GzZ3Na7AD4Z
                                                                                                                                                            MD5:68B568BF06E450C63F1F84B95867FBF8
                                                                                                                                                            SHA1:5CC4F825382FF91B84201C06E71C89A558015604
                                                                                                                                                            SHA-256:F705F1FFC05F7BCDDF9EC594C53918DB911D7E7111C8C226E776F482975C3A81
                                                                                                                                                            SHA-512:46F77794D0422B2D9042BE099BD3E4B079E4450F6F6BCF6B57340835D561C7BDF689D5D5C64BD23B756B3744058DE52F9801E112F5296FB124FF3F13F88988B4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6882820
                                                                                                                                                            Entropy (8bit):7.9041656244284475
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:RNrLf0ANznbk8D6Qkza2RD53fuQnVROvh78lr8TmbDXcFcSU1uTPGsOWGh4t2+rQ:HDTLX0tEQnmS6SXGcSTysOWGuBq2HQ
                                                                                                                                                            MD5:03256D6C03AD81F1850D3084342D0FD5
                                                                                                                                                            SHA1:D47389EDE6914CDC333CFAADC45ACBA40A378EFB
                                                                                                                                                            SHA-256:B49E72A86A115F607CD9ED1F546B1DA59DE6641CA89AA197B051A49A88C402DE
                                                                                                                                                            SHA-512:9CCF84623A2149658D1808166786F4FCF6EF8E2CD804023F54B19294D4FA873DD093A989ED596D096B112514612C47E4A079D7CFD259E0B3B972BABE14CC286B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1280004
                                                                                                                                                            Entropy (8bit):6.437010869902694
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:eOzouy5fffMj/KJoodIOCy3YGA/AcF5Pbbb3bYH6YjpxqMEp:1zdbOCy3YkcFynkL
                                                                                                                                                            MD5:4FA063EDB75F343AFE9F729CD960CE57
                                                                                                                                                            SHA1:40A2B10D9E3C70E7C679BC0286684ECBC3BF48BA
                                                                                                                                                            SHA-256:8CB54D4A1D99A9E66D6B13A312F7A1D91F23C823ED50C4EE77444029C57DEACE
                                                                                                                                                            SHA-512:152EAB22C775593E3DAAEB85BB82C7FBA23121C2476127965F5CB8421A09EC57D0CD7EF222CB42FE70A8D3C3826BC89BB7EEBEA8F04FA5F2D4357526A73993D5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2574753
                                                                                                                                                            Entropy (8bit):7.996460855659523
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:49152:Fua4O8Q45Bmtl9SlQv336CqKtMp5f5CAgD6I96n+Qf3/YtGN75YRhEm4M8:FuzQ45By3SYqKtMp5BCfbyGGTw4M8
                                                                                                                                                            MD5:642E6304E604B0F92537A6A4E1AC57F6
                                                                                                                                                            SHA1:BD7A04266C7AA56E07ABA655025A0BA010705296
                                                                                                                                                            SHA-256:87DF182DDE13E6412993E752841910FD45AB00C040B2E4219DA03AD68C00AA2A
                                                                                                                                                            SHA-512:88EF881DC29CFE6E8690EA626494E6657EDCDD2518399455C0A9B576B54E56DA0D7B5DA4DF792A1E50A81ED148BFFE32E807B6C16E8E63FAB17E01AFCB7DE9B4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1642496
                                                                                                                                                            Entropy (8bit):7.061999393732359
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:oYkmBvyZ5StZzFoxAlEK3CwijlRiGE65UnbdH3L5Lh/3B:kr8ZxoWEK3RKl5lGZ3LhZ3B
                                                                                                                                                            MD5:E6781BDA7DD3B349110478BDE0C43310
                                                                                                                                                            SHA1:4377CA545D3EE074A1EAB1A49A7A776C491116EE
                                                                                                                                                            SHA-256:238DB1D122A2D06CA95EBE9F56B6E1A7F528BDF7F42BA947EC0FBF511ECFB39D
                                                                                                                                                            SHA-512:F92CFE07A5F227550C656740AF6ED37358BCEE33FAA58075C7D7BE4CB61F265FA6B3642A9752BF0FC416CB47A8063F9A2FE052B31F0AA952495ECDD0D7E64475
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):571230
                                                                                                                                                            Entropy (8bit):7.964579681710588
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:FV1e0UgkVT6ZT+3JCnoxgLSoCXwbePLJrH8fwpZ:FV1edgkV8T0CnoxX4ePLJTMwpZ
                                                                                                                                                            MD5:6F5100F5D8D2943C6501864C21C45542
                                                                                                                                                            SHA1:AD0BD5D65F09EA329D6ABB665EF74B7D13060EA5
                                                                                                                                                            SHA-256:6CBBC3FD7776BA8B5D2F4E6E33E510C7E71F56431500FE36DA1DA06CE9D8F177
                                                                                                                                                            SHA-512:E4F8287FC8EBCCC31A805E8C4CF71FEFE4445C283E853B175930C29A8B42079522EF35F1C478282CF10C248E4D6F2EBDAF1A7C231CDE75A7E84E76BAFCAA42D4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):61440
                                                                                                                                                            Entropy (8bit):5.463972317214072
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:WDKKrolwgA7W2cz1Pii4A1yZHtVtQg0eBU:KKPi2Fii4TrtQg0e
                                                                                                                                                            MD5:4D11BD6F3172584B3FDA0E9EFCAF0DDB
                                                                                                                                                            SHA1:0581C7F087F6538A1B6D4F05D928C1DF24236944
                                                                                                                                                            SHA-256:73314490C80E5EB09F586E12C1F035C44F11AEAA41D2F4B08ACA476132578930
                                                                                                                                                            SHA-512:6A023496E7EE03C2FF8E3BA445C7D7D5BFE6A1E1E1BAE5C17DCF41E78EDE84A166966579BF8CC7BE7450D2516F869713907775E863670B10EB60C092492D2D04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):673792
                                                                                                                                                            Entropy (8bit):6.456753052904264
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:T4mxWBLxEArPb37VzHZA6xNAwtmVNxE7UwRJWcUu7OLxG:UmxWBLxEArPb37VzHZA6FtmAhUuiLxG
                                                                                                                                                            MD5:FEC7BFF4C36A4303ADE51E3ED704E708
                                                                                                                                                            SHA1:487C0F4AF67E56A661B9F1D99515FF080DB968C3
                                                                                                                                                            SHA-256:0414EEFF52F63CB32E508FE22C54AEDB399E7A6BAAAB94A81081073DBE78C75F
                                                                                                                                                            SHA-512:1267A0B954F3315B067883FF6AE8D599166CCFE35F1C7770E29F5F66A13650D4E1AE7F04C0B48E3DA0875FB6C7127892F4A6ECD6214F43F6BEB5013F55FE94D0
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3584
                                                                                                                                                            Entropy (8bit):4.012434743866195
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
                                                                                                                                                            MD5:C594B792B9C556EA62A30DE541D2FB03
                                                                                                                                                            SHA1:69E0207515E913243B94C2D3A116D232FF79AF5F
                                                                                                                                                            SHA-256:5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
                                                                                                                                                            SHA-512:387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2560
                                                                                                                                                            Entropy (8bit):2.8818118453929262
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                                                                                            MD5:A69559718AB506675E907FE49DEB71E9
                                                                                                                                                            SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                                                                                            SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                                                                                            SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5632
                                                                                                                                                            Entropy (8bit):4.203889009972449
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
                                                                                                                                                            MD5:B4604F8CD050D7933012AE4AA98E1796
                                                                                                                                                            SHA1:36B7D966C7F87860CD6C46096B397AA23933DF8E
                                                                                                                                                            SHA-256:B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
                                                                                                                                                            SHA-512:3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23312
                                                                                                                                                            Entropy (8bit):4.596242908851566
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                                            MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                                            SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                                            SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                                            SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4232704
                                                                                                                                                            Entropy (8bit):7.999935001122883
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:98304:nKxZWSv8fBG6l/mNu13T3Gf4fN11cB50kd3SaNkG:cwNbuNii8D1c8
                                                                                                                                                            MD5:96EC3EFA9BD454550B615DF142B08295
                                                                                                                                                            SHA1:4A8A6D3A8D94F02194822C2066E11800A518C8D6
                                                                                                                                                            SHA-256:6D5320CD6E4CFC208F6703FFF254B6F1363E1AFDF7D8E77155549A674FA3A263
                                                                                                                                                            SHA-512:8E3945604E8992D3630AE716E09D3A9A3052A2DDBCCF15BCAAC9B636A0A49879552CBD58F299DDC6B4DD7E8B6E915C29B35BFC3A0A3F449C41F7CAAE776C0B6B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......c..............."..@...................@..............................@............`... .........................................Y....0...............p..l]...........0............................... ..(...................................................UPX0....................................UPX1......@.......@.................@...UPX2.........0........@.............@...3.96.UPX!.$...)H.M...-....@............a..\.."...,J=.Q&*.d....u....U......G..X..}.....m....C*.3SB......G.?_....;b.....)..,...=...J........B...........x..)r.j...g.).. ......f.t. .k...........6;..d.@....X...e...Ux..Y+ag.8}.r)."..j..t!. ..py...s..G8.bW.+...t......v!R4...@^....-.C.C...\.&..6W.....5.25.-.>....n:......}$".^..LD..i.}lhM-.d.Y..0.1I..K.T..L......+..i...9.*<9pz..?..hFs..0..T#....R..z.?..}...R\i5.../........m..)]).} .....Q..)o...B.....3.....O
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6353920
                                                                                                                                                            Entropy (8bit):7.964035151346637
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:AUmETj+8JMsbhauhDwHnRz4TvItwgEmE350RtERTGXHINphWp6ZtdTm7YtGzzT:nmgjRbgI2lytEO5W+Rq4yIMYtMzT
                                                                                                                                                            MD5:A0CCE836755A2B064842089D16EA5561
                                                                                                                                                            SHA1:FA0A6251130F3A0008A136393A959E6A8F611139
                                                                                                                                                            SHA-256:0F2A54E667AAE6DB7283B8D6340E9EBD8CAC4A740190E65A02B18FB55CD2AF01
                                                                                                                                                            SHA-512:54F7C38E80A0822FF7079C3742EAF61DE84D9404C69AF75C310E5308B9F41CD2E99A40536C7605CB3F1CFC18AFC1FD3F0ACD82B98EF42CD1802E2C9550205813
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b..............................>......0....@..........................`......Q.a................................O...<#B.x....P...............................................................................P6.@............................text............................... ..`.rdata.......0......................@..@.data...d....P......................@....peN......5..`...................... ..`.Nb8.........P6.....................@....va$....p.`..`6...`................. ..`.rsrc........P........`.............@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):410112
                                                                                                                                                            Entropy (8bit):6.362808688244883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NrkuBHTtY9Jgfq80nzm5tBD2AsG8x0Ca0Hv06A0md0OUGHLzmijOceK2HSw3pXqC:NrkIT/y8T5PVsSnXOc+HSQJKLw
                                                                                                                                                            MD5:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            SHA1:EADC9026E041F7013056F80E068ECF95940EA060
                                                                                                                                                            SHA-256:F0DC8FA1A18901AC46F4448E434C3885A456865A3A309840A1C4AC67FD56895B
                                                                                                                                                            SHA-512:DCC1DD25BBA19AAF75EC4A1A69DC215EB519E9EE3B8F7B1BD16164B736B3AA81389C076ED4E8A17A1CBFAEC2E0B3155DF039D1BCA3C7186CFEB9950369BCCF23
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\Documents\4yIhH87Es5hVNHcV28YUa6Ea.exe, Author: ditekSHen
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H\.i.\.i.\.i...j.V.i...l...i...m.M.i...j.J.i...l.w.i...m.I.i...h.U.i.\.h. .i...`.Y.i.....].i...k.].i.Rich\.i.........................PE..L...S..b.................Z...................p....@.......................................@.................................8...d....@.......................P...&..\...8...............................@............p...............................text.../Y.......Z.................. ..`.rdata..F....p.......^..............@..@.data........ ......................@....rsrc........@......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1280000
                                                                                                                                                            Entropy (8bit):6.437003552746411
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:tBdQ7HTJbH4do4sbvJL9HhWVzXzKVo2ioIunOwFdAfrE/Y7sc+aD43MgEke0qn2:t8vJhhWVzXzK62srE/hl
                                                                                                                                                            MD5:76000A1A15850FCAA06877E21F7EB348
                                                                                                                                                            SHA1:755F0DBECF5EF2868270D34CED20213A4D5137C4
                                                                                                                                                            SHA-256:52558D772708FED5FEA4982D2F5ED377D47D1E4F9BC6D04A10A75817887FDF01
                                                                                                                                                            SHA-512:573742A804AD957D2A11CD15E3D9F908FA0278067BD983B84FD39CA6C2D43DC91CA4E1870B86FE0AB1EBA0F7317B87855CF22E66462C73ABF0E569E4B018A9CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...............#..........................@.................................+4........ .........................................X............................................................................................................text...............................`.P`.data...D...........................@.`..rdata.............................@.`@.bss....t.............................`..idata...............v..............@.0..CRT....4...........................@.0..tls................................@.0..rsrc...X...........................@..@................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6882816
                                                                                                                                                            Entropy (8bit):7.904165496180532
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:196608:fOo36KhbbRT3Z7/OXnKO8/tPp0ll9z3d0dppIbh5:djbDmXl60bz
                                                                                                                                                            MD5:83FD77104C17653424A3D3894DBE8793
                                                                                                                                                            SHA1:FBD8618F1D840C2506B33E85DF7BE7ABF6753C19
                                                                                                                                                            SHA-256:4D70A2E9F63FEA018DB99BEF6CECBF094255C52F6E2BD9D1D7458E637EFB9172
                                                                                                                                                            SHA-512:18C577E3FA7B48CD7A2954FA9C132A023D8C64809AA1887969ECB35CBB188EFC87A0013D9B41A83D4BC701FFB496E6914331E48F84DE39382848213F559566A9
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%C.b.............................)~...........@.................................<.i...............................O....7x.d.......XK............................................................................8..............................text... ........................... ..`.rdata..............................@..@.data...............................@....CRT................................@..@._K)....K.7......................... ..`.$gT....T.....8.....................@....qD*......b...9...b................. ..`.rsrc...XK.......L....b.............@..@................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5239600
                                                                                                                                                            Entropy (8bit):7.716925488875604
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:WSVnNc2g8lDW5whDzrN3ylOykzRuLzw0eBXga5sW3MhkMyedv7HTLr:W/2ZW5wtzrN3WTghQa5skxMjv7zLr
                                                                                                                                                            MD5:469B0C97D2AA9A03581536D485BC8864
                                                                                                                                                            SHA1:B56DCAE7A00AC7333C728BD00197DA2E07DDFE36
                                                                                                                                                            SHA-256:51A2D9691B6A426415CBD2A21E445A6E29204680A5AB63D8E51058BFA542E67C
                                                                                                                                                            SHA-512:D0942BF318E025805E6BFBB513CFFEF2B62CB645D41E92AEDB215B276D9857CB64CB2E430927E5063A8E0431115167D34D561315ECDDFBCB514A007DB5D98DF2
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..P..........#..................gL...........@.......................... P.....Q.P.....................................T.9.......O..y............O.0.............................................O.@............P@.p............................text............................... ..`.rdata...m.......n..................@..@.data....0... ......................@...._._.../..`..../.. ..............`..`._._..~... 2.......1.............`..`.rsrc....y....O..z...`O.............@..@................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:HTML document, Non-ISO extended-ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):104153
                                                                                                                                                            Entropy (8bit):5.320011428608657
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:hGqTEcro8d3t6wMC0r4+P/wznIEuZkX+ranIy+K07Qs4keJWd3Fywm+ZaPu9WJPo:hXoo9B2Fywbtyh4mouu6KgPd0
                                                                                                                                                            MD5:CC975CC6178DE9CFB6BB3D16BF1F3468
                                                                                                                                                            SHA1:38E50B54EFCFAE594A6CC7EF2AEB61565BA5FD1A
                                                                                                                                                            SHA-256:A80F895E7693BFF7B7FBADC215C58D1EFF65AAC62FB64EA9E9B2BA5D25AC1A8C
                                                                                                                                                            SHA-512:677280E43E590206C8C44BDFF3BFF9673F611A54EE900BA05EA86DCFAF196A1DBCE85012BA6655059F987176324C727832EF247C4C29A99C42C7E35EF5A8E7E6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang='en' dir='ltr'>.<head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?6" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiymFI85w2/GSGbzrplgUbWCwiuDfQeTCHPPgkPyHNNKBwYayXHKnxa3pfWYRSqBJSDavyxBmG9yNNKv2edogw4AAABceyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiV2ViQ29kZWNzIiwiZXhwaXJ5IjoxNjM4NDAzMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error | VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>/*nomodule*/(function(){"use strict";function t(){var t=new XMLHttpRequest;t.open("GET","/badbrowser_stat.php?act=nomodule"),t.send()}return t})()({});</script>..<link type="text/css" rel="st
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):616448
                                                                                                                                                            Entropy (8bit):5.164277290666237
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:KLuAvRbXvC79gVoA550CbeoLFroWiYfQ82bAGpMTO0I6:KLuAv9vo9gVoA57TLiEhGgO8
                                                                                                                                                            MD5:6590C006DA1047AB975529D3ED46619A
                                                                                                                                                            SHA1:397D8C152FBF0B746AEB7E69141C662297AA9379
                                                                                                                                                            SHA-256:1C986AFB6B41D43BBC3D526DAD0629C3903AED6F88E0D4A86014748617DFAB5A
                                                                                                                                                            SHA-512:C9FEE15FD842CA4614AEA06C48EE51D143B9E4F187C16533762D4CD831910D38E163AAA0C639D72FBB4A3E57D81DE31FB58DB40C63546CF3A4D609D17BF8CA0F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........zuP.............c.......c.......c.......c.......c.......p..............kb......kb......kb......Rich....................PE..L...6{.c...............!.....T......2........0....@..........................@............@.................................t5......................................02..8...........................p1..@............0...............................text...t........................... ..`.rdata.......0......................@..@.data...,E...@...B...$..............@....reloc...............f..............@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):86016
                                                                                                                                                            Entropy (8bit):6.234215186280302
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:S97iRkxTeSbKR0IlzUMp9ok6avzYc/Zt60tNd6:SRiSxbbq59PxT60tNd6
                                                                                                                                                            MD5:2EF8DA551CF5AB2AB6E3514321791EAB
                                                                                                                                                            SHA1:D618D2D2B8F272F75F1E89CB2023EA6A694B7773
                                                                                                                                                            SHA-256:50691A77E2B8153D8061BD35D9280C0E69175196CDCF876203CCECF8BCFD7C19
                                                                                                                                                            SHA-512:3073ED8A572A955BA120E2845819AFE9E13D226879DB7A0CD98752FD3E336A57BAF17A97A38F94412EEB500FD0A0C8BAC55FDBDFEF2C7CBF970A7091CDFC0E00
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I......%......d.....d......d......%............d.....d....Rich..........................PE..L....r.c.....................`.......!............@..........................p..............................................T...P....`..............................................................`...@............................................text............................... ..`.rdata...........0..................@..@.data....4... ... ... ..............@....rsrc........`.......@..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2574749
                                                                                                                                                            Entropy (8bit):7.9964608655260845
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:49152:AGdM6Fyam6/shkFP63zokMa5YY1ukGkF9JSjKpjLU4PRsZwYxWNFNg9zSsqOOKX:ddM8x/ukFyZ5F1uK/Jl84WZwY4NFNg97
                                                                                                                                                            MD5:D33F5C381C8A2DC544C313355BA4EB64
                                                                                                                                                            SHA1:A342AFFF06633CACDB904C28EC7B78A8BFD559FD
                                                                                                                                                            SHA-256:E40F0C222B4E696C27BE11D5250C3763F04E5C4E7F1525BECD1EC11B333B4C5D
                                                                                                                                                            SHA-512:77BD9D3A35129C392DB6976279C32216E35E174A658FA03660B6A874391E3D048F640546EEF2094FE5498D495726359581BA2C2A81775F66A23EEEC397157417
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................D...................@..........................0...................@..............................P........*..........................................................................................................CODE................................ ..`DATA....H...........................@...BSS.....4................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....*.......*..................@..P.............0......................@..P........................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:XML 1.0 document text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):223
                                                                                                                                                            Entropy (8bit):4.745008847905136
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:TM3i0b9ZjZvKtWRbtmdsfbPAxjqm1bANKvn:TM3i0b9BZKtWRbtmdsfbPAxjqSkNKv
                                                                                                                                                            MD5:A6A676051F857D516F6C4BEC595A7CFB
                                                                                                                                                            SHA1:10E7C48A109FFBE60FA7AB3585C4BD711942CBD2
                                                                                                                                                            SHA-256:98686E602B5F75BBCEB801CA315617579AD9FFE9E2DF66D49673EA35A7E1F343
                                                                                                                                                            SHA-512:DF302B28E5897BAC668AD1AE2B32D2424AF7C8CDF4527AC54EA268E6E9FBF41EFE28B236AF25CEACB5E5ACD95B6C99B8CF95FA735687358A265BD59E2B127BA6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.</Details></Error>
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:HTML document, Non-ISO extended-ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):104163
                                                                                                                                                            Entropy (8bit):5.319709514774895
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:hGqTEcroOdrt6wMC0r4+P/wznIEuZkX+ranIy+K07Qs4keJWd3Fywm+Z/Pu9WJPo:hXo69B2Fywb+yh4mouu6KgPd0
                                                                                                                                                            MD5:685507E38D69FBF6E6D0A32319EECF0A
                                                                                                                                                            SHA1:B55E5026D20F0033E8051070BC4AC566C770304C
                                                                                                                                                            SHA-256:405CB6CBFA1CA036C434EC75620BE66AE341A13E2C2DB9CDEF7DF3DF7E54EC5B
                                                                                                                                                            SHA-512:05BDC7F0EFDA25D2A2A35AA104C4E06AC8C0F9994E150BCF138E5D965761AC0D983F5D6069753A4285BB47FCB645BC070D2738069CC8FC8C9D27ACD871AC3005
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang='en' dir='ltr'>.<head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?6" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiymFI85w2/GSGbzrplgUbWCwiuDfQeTCHPPgkPyHNNKBwYayXHKnxa3pfWYRSqBJSDavyxBmG9yNNKv2edogw4AAABceyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiV2ViQ29kZWNzIiwiZXhwaXJ5IjoxNjM4NDAzMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error | VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>/*nomodule*/(function(){"use strict";function t(){var t=new XMLHttpRequest;t.open("GET","/badbrowser_stat.php?act=nomodule"),t.send()}return t})()({});</script>..<link type="text/css" rel="st
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):410112
                                                                                                                                                            Entropy (8bit):6.362808688244883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NrkuBHTtY9Jgfq80nzm5tBD2AsG8x0Ca0Hv06A0md0OUGHLzmijOceK2HSw3pXqC:NrkIT/y8T5PVsSnXOc+HSQJKLw
                                                                                                                                                            MD5:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            SHA1:EADC9026E041F7013056F80E068ECF95940EA060
                                                                                                                                                            SHA-256:F0DC8FA1A18901AC46F4448E434C3885A456865A3A309840A1C4AC67FD56895B
                                                                                                                                                            SHA-512:DCC1DD25BBA19AAF75EC4A1A69DC215EB519E9EE3B8F7B1BD16164B736B3AA81389C076ED4E8A17A1CBFAEC2E0B3155DF039D1BCA3C7186CFEB9950369BCCF23
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Author: ditekSHen
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H\.i.\.i.\.i...j.V.i...l...i...m.M.i...j.J.i...l.w.i...m.I.i...h.U.i.\.h. .i...`.Y.i.....].i...k.].i.Rich\.i.........................PE..L...S..b.................Z...................p....@.......................................@.................................8...d....@.......................P...&..\...8...............................@............p...............................text.../Y.......Z.................. ..`.rdata..F....p.......^..............@..@.data........ ......................@....rsrc........@......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1473775
                                                                                                                                                            Entropy (8bit):7.898388114496262
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:I/XEXjJSFHUKr4Uk0z1YBuCBuxFuxolmK3ywCfl1MGC6vUnbDB3LDh/Kis4Zt:I/oSrU2ruSmK3hYlfXcZ3Lli4Zt
                                                                                                                                                            MD5:47D8824241636F9895D127858B55401F
                                                                                                                                                            SHA1:C3EC120E33E0723FBE509DCBF08E1605986B43D6
                                                                                                                                                            SHA-256:EDA1406B045F2BBCBFA4F46B5995B995AFE5EBC81EB17FB04907D29C00EB484F
                                                                                                                                                            SHA-512:B023A708CF205739E1873EACA901ABED1D76C82E45AD014CC2BB9638C36F1EFF6FE6586DC92B36C695B414733E13BB482C5DD5CD719AD6396DFCE6141CCA3D08
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..............U...U...UM.RU.UM.PUt..UM.QU.UX.^U...UX..T.UX..T.UX..T..U.. U.U..0U...U...U...U...T..U...T...U..\U...U...T...URich...U........................PE..L....U.a.................b...........B............@.......................................@.............................4...4...<...............................X(......T...........................h...@............... ............................text....`.......b.................. ..`.rdata..t............f..............@..@.data...8]...0......................@....didat..`...........................@....rsrc...............................@..@.reloc..X(.......*..................@..B................................................................................................................................................................................................................................
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3210240
                                                                                                                                                            Entropy (8bit):7.948059560743614
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:mHjaMebZao0p4kwkC/yRLmsH5NnyjqCgcg:mH2vaoy3wkC/yRLb5Nny
                                                                                                                                                            MD5:106078BB0964B75800DA2013419239D9
                                                                                                                                                            SHA1:44F3C39446CEBB7349697703CC88BD0C014B6C7E
                                                                                                                                                            SHA-256:7E0BD7043B674F37A6C086FCD8AA5DDB0EC4BA675E4860E30F88ABE3CFE4B879
                                                                                                                                                            SHA-512:E9172ECBDDC2D11291D6DA05A65D967984C72317D525451AD13DBD6931B5B1BF580237926A4F6CD40D265F5B559EFAA961352E348CE22827B3E52552CA618B7E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3949568
                                                                                                                                                            Entropy (8bit):7.826047385956034
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:5Hlmczc++8BF8C6By21hlcOUEFDKMYrY5ok8:rmUcjny4lcvKODYb8
                                                                                                                                                            MD5:77D8DF4427C8B1A28C8D2591A9C92A70
                                                                                                                                                            SHA1:9A0E1CA712F93F4AB30B162F5C9B04D9C825F1F9
                                                                                                                                                            SHA-256:00CBD7C3427B9D2E960BD1D3FB04D3897A7C53486B52E5C42F0C2C6678A63762
                                                                                                                                                            SHA-512:8204C35C4B4AA6A15C4D32D8600D0792E21296AF633FC0AB45141ABDFD7BCF0FB9B96A972F7734E01CA0EE9002D0E730F6380C5593ED0CA5E534C7C48ED83B98
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):2.7438716898458617
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Pz1dhr52R/AtLEb7kUqvb7kE+wb7klLb7kLb7kbIl9lvb7k0tplJb7k3b7kJb7kM:X2S40Uc0M0B0L0U910ClJ030J0409O
                                                                                                                                                            MD5:97CB08F5327DE2EA78E7E29311B55181
                                                                                                                                                            SHA1:D3A81F0AB86DE16028D8CB840648F6958FAAD2F3
                                                                                                                                                            SHA-256:44CE9CB1C93FD8BC89ECB2D553985FA3ADFACE36F9F15EDDE2F0DD2DFCC2FA19
                                                                                                                                                            SHA-512:B124A42EB4F75B42B041956EFF200B80E1EF744C6B52A5FDDBB1F8EF198C24FAB768C08C37D4FD73A776E14BFA51623CA9C65DB6965E24963041C918FB822DF9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11
                                                                                                                                                            Entropy (8bit):3.2776134368191165
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1EX:10
                                                                                                                                                            MD5:EC3584F3DB838942EC3669DB02DC908E
                                                                                                                                                            SHA1:8DCEB96874D5C6425EBB81BFEE587244C89416DA
                                                                                                                                                            SHA-256:77C7C10B4C860D5DDF4E057E713383E61E9F21BCF0EC4CFBBC16193F2E28F340
                                                                                                                                                            SHA-512:35253883BB627A49918E7415A6BA6B765C86B516504D03A1F4FD05F80902F352A7A40E2A67A6D1B99A14B9B79DAB82F3AC7A67C512CCF6701256C13D0096855E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:[General]..
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):127
                                                                                                                                                            Entropy (8bit):5.080093624462795
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1ELGUAgKLMzY+eWgTckbnnvjiBIFVTjSUgf4orFLsUov:1WsMzYHxbnvEcvgqv
                                                                                                                                                            MD5:8EF9853D1881C5FE4D681BFB31282A01
                                                                                                                                                            SHA1:A05609065520E4B4E553784C566430AD9736F19F
                                                                                                                                                            SHA-256:9228F13D82C3DC96B957769F6081E5BAC53CFFCA4FFDE0BA1E102D9968F184A2
                                                                                                                                                            SHA-512:5DDEE931A08CFEA5BB9D1C36355D47155A24D617C2A11D08364FFC54E593064011DEE4FEA8AC5B67029CAB515D3071F0BA0422BB76AF492A3115272BA8FEB005
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]..Version=1..
                                                                                                                                                            Process:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1926
                                                                                                                                                            Entropy (8bit):3.310422749310586
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:wSLevFeSLe5BeSwbv5qweSw4q7j/eScdepWDbVeScden2W8eScdemevtmeScdeRg:KFIBkbv5qwk4qfKV2QxVCZ
                                                                                                                                                            MD5:CDFD60E717A44C2349B553E011958B85
                                                                                                                                                            SHA1:431136102A6FB52A00E416964D4C27089155F73B
                                                                                                                                                            SHA-256:0EE08DA4DA3E4133E1809099FC646468E7156644C9A772F704B80E338015211F
                                                                                                                                                            SHA-512:DFEA0D0B3779059E64088EA9A13CD6B076D76C64DB99FA82E6612386CAE5CDA94A790318207470045EF51F0A410B400726BA28CB6ECB6972F081C532E558D6A8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:PReg....[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.A.n.t.i.S.p.y.w.a.r.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.R.o.u.t.i.n.e.l.y.T.a.k.i.n.g.A.c.t.i.o.n...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s...;.E.x.c.l.u.s.i.o.n.s._.E.x.t.e.n.s.i.o.n.s...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s.\.E.x.t.e.n.s.i.o.n.s...;.e.x.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.r.o.t.e.c.t.i.o.n...;.D.i.s.a.b.l.e.B.e.h.a.v.i.o.r.M.o.n.i.t.o.r.i.n.g...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.
                                                                                                                                                            Process:C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2
                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:y:y
                                                                                                                                                            MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                            SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                            SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                            SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\6Z9UYZuB.exe
                                                                                                                                                            File Type:GLS_BINARY_LSB_FIRST
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):160
                                                                                                                                                            Entropy (8bit):4.438743916256937
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
                                                                                                                                                            MD5:E467C82627F5E1524FDB4415AF19FC73
                                                                                                                                                            SHA1:B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
                                                                                                                                                            SHA-256:116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
                                                                                                                                                            SHA-512:2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Entropy (8bit):7.971476290508255
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:BLAoQPacf8.exe
                                                                                                                                                            File size:2828304
                                                                                                                                                            MD5:358e055b5c145bcce4d12806fff67639
                                                                                                                                                            SHA1:299d6679158b7a705b5e9043aea08703570f8daa
                                                                                                                                                            SHA256:48d531158fd3462c5760296fb78d808f103d7a619ee5a8e6200163d7aaf78de0
                                                                                                                                                            SHA512:a4b24736dfb06e26cce5fab926d096ab9e972bd71a02fc789788ca7953ee376b1423144f01a6b56e6d156fe9c1e549a7818cd186171f08a930e3b636eb58417c
                                                                                                                                                            SSDEEP:49152:Af8a5Xoq179LsBTR4vmYsDh8vTDNAbDrOuqbw+J7nXVnGNDowA9dhbEGKz:Af8a5T9WyXR8Guql7nXNGZoXVVKz
                                                                                                                                                            TLSH:3ED53332B5A05F9AC17982715835B8C78B66B539CFAE5359B14F23684E3021C5F3F2B2
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P......M...M...M...L...M...L...M...L...Mr..M...MF..LN..MF..L...MF..L...M...L...M...M...M...LU..M...M...M..uM...M...L...MRich...
                                                                                                                                                            Icon Hash:88fefaccdab2b2c6
                                                                                                                                                            Entrypoint:0x98c448
                                                                                                                                                            Entrypoint Section:.boot
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x63072A5A [Thu Aug 25 07:52:58 2022 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:6
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:6
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:a00837800ad7e54f9c0c0103e7562cb2
Instructions at entrypoint (disassembly as printed by the analyzer; the repeated add dl,dl / jne / mov dl,byte ptr [esi] / inc esi / adc dl,dl sequence fetches one flag bit at a time from a compressed stream, i.e. this is the packer's bit-stream LZ decompression loop, not program logic):
                                                                                                                                                            call 00007FA288D99F50h
                                                                                                                                                            push ebx
                                                                                                                                                            mov ebx, esp
                                                                                                                                                            push ebx
                                                                                                                                                            mov esi, dword ptr [ebx+08h]
                                                                                                                                                            mov edi, dword ptr [ebx+10h]
                                                                                                                                                            cld
                                                                                                                                                            mov dl, 80h
                                                                                                                                                            mov al, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            mov byte ptr [edi], al
                                                                                                                                                            inc edi
                                                                                                                                                            mov ebx, 00000002h
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            jnc 00007FA288D99DECh
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            jnc 00007FA288D99E53h
                                                                                                                                                            xor eax, eax
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            jnc 00007FA288D99EE7h
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc eax, eax
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc eax, eax
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc eax, eax
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc eax, eax
                                                                                                                                                            je 00007FA288D99E0Ah
                                                                                                                                                            push edi
                                                                                                                                                            mov eax, eax
                                                                                                                                                            sub edi, eax
                                                                                                                                                            mov al, byte ptr [edi]
                                                                                                                                                            pop edi
                                                                                                                                                            mov byte ptr [edi], al
                                                                                                                                                            inc edi
                                                                                                                                                            mov ebx, 00000002h
                                                                                                                                                            jmp 00007FA288D99D9Bh
                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc eax, eax
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            jc 00007FA288D99DECh
                                                                                                                                                            sub eax, ebx
                                                                                                                                                            mov ebx, 00000001h
                                                                                                                                                            jne 00007FA288D99E2Ah
                                                                                                                                                            mov ecx, 00000001h
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            adc ecx, ecx
                                                                                                                                                            add dl, dl
                                                                                                                                                            jne 00007FA288D99E07h
                                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                                            inc esi
                                                                                                                                                            adc dl, dl
                                                                                                                                                            jc 00007FA288D99DECh
                                                                                                                                                            push esi
                                                                                                                                                            mov esi, edi
                                                                                                                                                            sub esi, ebp
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x2f608b         0xa4          .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x2f8000         0x8b7c        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x6fe000         0x10          .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x2f7018         0x18          .tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name      Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity     File Type             Entropy             Characteristics
(blank)   0x1000           0x203cdf      0xd2600   unknown   unknown             unknown               unknown             IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
(blank)   0x205000         0x2a312       0x12800   False     0.9990102407094594  data                  7.975320489927133   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(blank)   0x230000         0x8a90        0x1200    False     0.9789496527777778  data                  7.853450277632635   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(blank)   0x239000         0xb11b1       0x4a200   False     0.9986430227655987  data                  7.986939887820798   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(blank)   0x2eb000         0xa60c        0x6e00    False     0.999609375         data                  7.969455214592663   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata    0x2f6000         0x1000        0x200     False     0.328125            data                  2.462979211022953   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls      0x2f7000         0x1000        0x200     False     0.056640625         data                  0.18120187678200297 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     0x2f8000         0x8c00        0x8c00    False     0.6169642857142857  data                  6.563037976601957   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida  0x301000         0x28a000      0x0       unknown   unknown             unknown               unknown             IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot     0x58b000         0x172400      0x172400  False     0.9833048035533424  data                  7.936930737785185   IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc    0x6fe000         0x1000        0x10      False     1.5                 GLS_BINARY_LSB_FIRST  2.474601752714581   IMAGE_SCN_MEM_READ
Section names that the report left empty are shown as (blank). Note the packer layout: the first five sections carry no names and near-maximal entropy (7.85 to 7.99 bits per byte, i.e. compressed or encrypted data), .themida reserves 0x28a000 bytes of virtual space with a raw size of 0 and is the only section marked both EXECUTE and WRITE (it is filled by the unpacker at run time), and the entry point lies in .boot rather than in the first section.

Name           RVA       Size    Type                                                                                                                                            Language  Country
RT_ICON        0x2f8198  0x468   GLS_BINARY_LSB_FIRST                                                                                                                            English   United States
RT_ICON        0x2f8610  0x10a8  dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0                                        English   United States
RT_ICON        0x2f96c8  0x25a8  dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0                                        English   United States
RT_ICON        0x2fbc80  0x4228  dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 5987163, next used block 8816262         English   United States
RT_STRING      0x2ffeb8  0x8c    data                                                                                                                                            English   United States
RT_GROUP_ICON  0x2fff54  0x3e    data                                                                                                                                            English   United States
RT_VERSION     0x2fffa4  0x3cc   data                                                                                                                                            English   United States
RT_MANIFEST    0x300380  0x7f5   XML 1.0 document, ASCII text, with CRLF line terminators                                                                                        English   United States
The Type column is a content-sniffing guess over the raw resource bytes; the "dBase IV DBT" labels on the RT_ICON entries are false positives on icon bitmap data, not embedded database files.

DLL           Import
kernel32.dll  GetModuleHandleA
USER32.dll    CharNextA
ADVAPI32.dll  RegCloseKey
SHELL32.dll   ShellExecuteA
ole32.dll     CoCreateInstance
Five imports, one per DLL, is the minimal stub a packer leaves so that the loader maps those DLLs; the functions the payload actually uses are resolved by the unpacking code at run time, so this import table and the Import Hash derived from it describe the packer, not the payload.

Language of compilation system  Country where language is spoken
English                         United States
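As an added example that is not part of the Joe Sandbox report, the Python below reproduces the packer triage an analyst does from the tables above: it maps the Entrypoint virtual address back to its section, counts the blanked section names, lists the high-entropy sections, the virtual-only read-write-execute .themida section and the five-function import table, and rebuilds the import-hash input string. Every figure is transcribed from the tables above as constructed input (no binary is parsed); the import-hash canonicalisation follows the common pefile convention, which is an assumption here, and the thresholds (entropy above 7.0, five imports or fewer) are this example's own choice.

```python
# Added example, not part of the Joe Sandbox report: static packer triage over the
# figures transcribed from the tables above (section table, imports, image base,
# entry point).  It does not parse the sample; the numbers are constructed input.
import hashlib
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMAGEBASE = 0x400000      # report's "Imagebase"
ENTRYPOINT_VA = 0x98c448  # report's "Entrypoint": a virtual address, not an RVA


@dataclass
class Section:
    name: str                 # "" where the packer blanked the name
    va: int                   # RVA of section start
    vsize: int                # virtual size
    rawsize: int              # size on disk
    entropy: Optional[float]  # None where the report says "unknown"
    execute: bool
    write: bool


# Section table from the report, entropy rounded to three places.
SECTIONS: List[Section] = [
    Section("",         0x1000,   0x203cdf, 0xd2600,  None,  True,  False),
    Section("",         0x205000, 0x2a312,  0x12800,  7.975, False, False),
    Section("",         0x230000, 0x8a90,   0x1200,   7.853, False, True),
    Section("",         0x239000, 0xb11b1,  0x4a200,  7.987, False, False),
    Section("",         0x2eb000, 0xa60c,   0x6e00,   7.969, False, False),
    Section(".idata",   0x2f6000, 0x1000,   0x200,    2.463, False, True),
    Section(".tls",     0x2f7000, 0x1000,   0x200,    0.181, False, True),
    Section(".rsrc",    0x2f8000, 0x8c00,   0x8c00,   6.563, False, False),
    Section(".themida", 0x301000, 0x28a000, 0x0,      None,  True,  True),
    Section(".boot",    0x58b000, 0x172400, 0x172400, 7.937, True,  False),
    Section(".reloc",   0x6fe000, 0x1000,   0x10,     2.475, False, False),
]

# Import table from the report: one function per DLL.
IMPORTS: List[Tuple[str, str]] = [
    ("kernel32.dll", "GetModuleHandleA"), ("USER32.dll", "CharNextA"),
    ("ADVAPI32.dll", "RegCloseKey"), ("SHELL32.dll", "ShellExecuteA"),
    ("ole32.dll", "CoCreateInstance"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 for empty/constant data, 8.0 for uniform bytes); the
    statistic behind the report's Entropy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_for_va(va: int, imagebase: int = IMAGEBASE,
                   sections: List[Section] = SECTIONS) -> Optional[str]:
    """Name of the section containing a virtual address, or None if outside all."""
    rva = va - imagebase
    for s in sections:
        if s.va <= rva < s.va + s.vsize:
            return s.name
    return None


def imphash_string(imports: List[Tuple[str, str]]) -> str:
    """Canonical 'dll.func,...' string (pefile convention, assumed here): DLL name
    lowercased with .dll/.ocx/.sys stripped, function name lowercased."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, str]]) -> str:
    """MD5 of the canonical import string, comparable to the report's Import Hash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def packer_indicators(sections: List[Section] = SECTIONS,
                      imports: List[Tuple[str, str]] = IMPORTS,
                      ep_va: int = ENTRYPOINT_VA, imagebase: int = IMAGEBASE) -> dict:
    """Static signs of a run-time packer visible in the tables above.  The
    thresholds (entropy > 7.0, <= 5 imports) are this example's own choice."""
    ep_section = section_for_va(ep_va, imagebase, sections)
    return {
        "entry_point_section": ep_section,
        "entry_point_outside_first_section": ep_section != sections[0].name,
        "wiped_section_names": sum(1 for s in sections if not s.name),
        "high_entropy_sections": [s.name or "<blank>" for s in sections
                                  if s.entropy is not None and s.entropy > 7.0],
        "virtual_only_sections": [s.name for s in sections
                                  if s.rawsize == 0 and s.vsize > 0],
        "rwx_sections": [s.name for s in sections if s.execute and s.write],
        "import_count": len(imports),
        "tiny_import_table": len(imports) <= 5,
    }
```

Calling `packer_indicators()` on the transcribed tables reports the entry point in .boot (outside the first section), five wiped section names, .themida as the only virtual-only and the only RWX section, and a five-entry import table; `imphash(IMPORTS)` prints the hash to compare against the report's Import Hash field, and `shannon_entropy` can be run over the raw bytes of any dropped file to reproduce the Entropy column for it.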
                                                                                                                                                            No network behavior found

                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:13:47:19
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Desktop\BLAoQPacf8.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\BLAoQPacf8.exe"
                                                                                                                                                            Imagebase:0x1330000
                                                                                                                                                            File size:2828304 bytes
                                                                                                                                                            MD5 hash:358E055B5C145BCCE4D12806FFF67639
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.307393179.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            Reputation:low

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:13:47:23
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:13:47:23
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:13:47:56
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s wisvc
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:13:48:00
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\tCcv8lF4UYTMplGGrWDw5cWW.exe"
                                                                                                                                                            Imagebase:0x9d0000
                                                                                                                                                            File size:3210240 bytes
                                                                                                                                                            MD5 hash:106078BB0964B75800DA2013419239D9
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:13:48:00
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe"
                                                                                                                                                            Imagebase:0x10e0000
                                                                                                                                                            File size:410112 bytes
                                                                                                                                                            MD5 hash:9519C85C644869F182927D93E8E25A33
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Author: ditekSHen

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:13:48:00
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\tATOZ_TcqCv6HE8KoljJlz43.exe"
                                                                                                                                                            Imagebase:0xed0000
                                                                                                                                                            File size:1473775 bytes
                                                                                                                                                            MD5 hash:47D8824241636F9895D127858B55401F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:10
                                                                                                                                                            Start time:13:48:01
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\ya8r1xvulFithxJ9UL7uu94j.exe"
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:3949568 bytes
                                                                                                                                                            MD5 hash:77D8DF4427C8B1A28C8D2591A9C92A70
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:11
                                                                                                                                                            Start time:13:48:02
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\0SEWW7Fboj9D5RnPnbU1p9yZ.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:1280000 bytes
                                                                                                                                                            MD5 hash:76000A1A15850FCAA06877E21F7EB348
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:12
                                                                                                                                                            Start time:13:48:03
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:2574749 bytes
                                                                                                                                                            MD5 hash:D33F5C381C8A2DC544C313355BA4EB64
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:13:48:03
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:5239600 bytes
                                                                                                                                                            MD5 hash:469B0C97D2AA9A03581536D485BC8864
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000003.440795161.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

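The per-process Target blocks above are easier to triage as structured records than as a flat Key:value listing. The Python script below is an added example, not Joe Sandbox code: it parses blocks in this format, separates payloads executed from outside C:\Windows (everything dropped under the user's Pictures folder) from the svchost.exe system processes, lists their MD5s, and ties each Yara hit back to the process it was listed under. The input is an abridged copy of Targets 1, 8 and 13 from this page. Two things are the script's own assumptions: the `SYSTEM_PREFIXES` heuristic, and the reading of the dotted dump names, where the first field is taken to be the Target ID in hex (0000000D lines up with Target 13 above) and the fourth a region base address; the remaining fields are left uninterpreted.

```python
"""Triage helper for the per-process "Target" blocks of a Joe Sandbox report.
Added example, not part of Joe Sandbox or of this report."""
import re
from collections import defaultdict

# Constructed input: abridged copies of Target 1, 8 and 13 from this report,
# keeping the indentation the HTML extraction left in front of every line.
SAMPLE_REPORT = r"""
    Target ID:1
    Path:C:\Windows\System32\svchost.exe
    Wow64 process (32bit):false
    Commandline:c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc
    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
    Reputation:high

    Target ID:8
    Path:C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe"
    MD5 hash:9519C85C644869F182927D93E8E25A33
    Yara matches:
    • Rule: MALWARE_Win_DLInjector06, Description: Detects downloader / injector, Source: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, Author: ditekSHen

    Target ID:13
    Path:C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Pictures\Minor Policy\4Luq2Awo847C90gLhrh33Vce.exe"
    MD5 hash:469B0C97D2AA9A03581536D485BC8864
    Yara matches:
    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000003.440795161.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
"""

# One Yara bullet. Source may be a file path containing spaces (Target 8) or a
# dotted memory-dump name (Target 13), so it is matched lazily up to ", Author:".
YARA_RE = re.compile(
    r"Rule:\s*(?P<rule>[^,]+),\s*Description:\s*(?P<desc>.*?),\s*"
    r"Source:\s*(?P<source>.*?),\s*Author:\s*(?P<author>.*)$"
)
SYSTEM_PREFIXES = ("c:\\windows\\",)  # heuristic chosen for this example


def parse_targets(text):
    """One dict per Target block; Yara bullets collect under 'Yara matches'."""
    targets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # drop the extraction indentation
        if not line:
            continue
        if line.startswith("Target ID:"):
            current = {"Target ID": int(line.partition(":")[2]), "Yara matches": []}
            targets.append(current)
        elif current is None:
            continue  # text before the first block
        elif line.startswith("•"):
            m = YARA_RE.search(line)
            if m:
                current["Yara matches"].append(m.groupdict())
        else:
            key, _, value = line.partition(":")
            if key != "Yara matches":  # header line of the bullet list
                current[key] = value.strip()
    return targets


def decode_source(source):
    """Dump names end in .sdmp: first dotted field = Target ID in hex (assumed
    from 0000000D -> 13 above), fourth = region base address. Otherwise a file."""
    if not source.endswith(".sdmp"):
        return {"kind": "file", "path": source}
    f = source.split(".")
    return {"kind": "memory", "target_id": int(f[0], 16), "base_address": int(f[3], 16)}


def triage(targets):
    """Dropped payloads, their MD5s, Yara rule names per process, and any dump
    whose hex prefix does not name the process it is listed under."""
    dropped, md5s, families, mismatched = [], set(), defaultdict(set), []
    for t in targets:
        path = t.get("Path", "")
        if path and not path.lower().startswith(SYSTEM_PREFIXES):
            dropped.append(path)
            md5s.add(t.get("MD5 hash", "").lower())
        for hit in t["Yara matches"]:
            families[t["Target ID"]].add(hit["rule"])
            src = decode_source(hit["source"])
            if src["kind"] == "memory" and src["target_id"] != t["Target ID"]:
                mismatched.append(hit["source"])
    return {"dropped": dropped, "md5": sorted(md5s),
            "families": {k: sorted(v) for k, v in families.items()},
            "mismatched_sources": mismatched}


if __name__ == "__main__":
    for key, value in triage(parse_targets(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

The Source field is the one part of a bullet that cannot be split on whitespace: ditekSHen's rule on Target 8 matched the dropped file itself, so its Source is a path with a space in it, while the Joe Security rules report a memory dump name. The lazy match up to ", Author:" handles both, and the cross-check in `triage` flags any dump whose hex prefix disagrees with the block it sits in.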
                                                                                                                                                            Target ID:14
                                                                                                                                                            Start time:13:48:03
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:86016 bytes
                                                                                                                                                            MD5 hash:2EF8DA551CF5AB2AB6E3514321791EAB
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:15
                                                                                                                                                            Start time:13:48:03
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Pictures\Minor Policy\38em7CPwWyzLEPAoMPchCiaK.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:6882816 bytes
                                                                                                                                                            MD5 hash:83FD77104C17653424A3D3894DBE8793
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.524714059.000000000112F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.545294513.000000000112F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.539746359.000000000112F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.550907503.000000000112F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

Target ID:16
Start time:13:48:05
Start date:02/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7fcd70000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:17
Start time:13:48:06
Start date:02/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7fcd70000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:18
Start time:13:48:11
Start date:02/09/2022
Path:C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\regsvr32.exe" /U .\dJ9D2LWF.S5p /S
Imagebase:0x2a0000
File size:20992 bytes
MD5 hash:426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:21
Start time:13:48:22
Start date:02/09/2022
Path:C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\Minor Policy\Mvid01XiHg4mGe4qVGe0NVxb.exe" -h
Imagebase:0x400000
File size:86016 bytes
MD5 hash:2EF8DA551CF5AB2AB6E3514321791EAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:22
Start time:13:48:22
Start date:02/09/2022
Path:C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-3TJPK.tmp\is-SL6OH.tmp" /SL4 $20358 "C:\Users\user\Pictures\Minor Policy\N2ANCtOGK6Q7WT1u6BEuU3DI.exe" 2324125 52736
Imagebase:0x400000
File size:673792 bytes
MD5 hash:FEC7BFF4C36A4303ADE51E3ED704E708
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:23
Start time:13:48:23
Start date:02/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7fcd70000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:24
Start time:13:48:35
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
Imagebase:0x7ff6ffff0000
File size:51288 bytes
MD5 hash:32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:25
Start time:13:48:47
Start date:02/09/2022
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff7b5bd0000
File size:488448 bytes
MD5 hash:A782A4ED336750D10B3CAF776AFE8E70
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:26
Start time:13:48:49
Start date:02/09/2022
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
Imagebase:0x7ff6d49f0000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:27
                                                                                                                                                            Start time:13:48:50
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",open
                                                                                                                                                            Imagebase:0xd80000
                                                                                                                                                            File size:61952 bytes
                                                                                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001B.00000002.729788391.0000000003164000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Fabookie, Description: Detects Fabookie / ElysiumStealer, Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001B.00000002.724987666.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:28
                                                                                                                                                            Start time:13:48:57
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001C.00000003.522751079.000002493D8C0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001C.00000000.530817849.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001C.00000002.844597458.000002493D930000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:29
                                                                                                                                                            Start time:13:49:02
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Program Files (x86)\ccSearcher\ccsearcher.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\ccSearcher\ccsearcher.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:4505597 bytes
                                                                                                                                                            MD5 hash:0545F55B7F65691C450919EE98E9C6B8
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 0000001D.00000002.603100240.0000000001BA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 0000001D.00000002.591652469.0000000000400000.00000040.00000001.01000000.0000001D.sdmp, Author: Joe Security
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML

                                                                                                                                                            Target ID:30
                                                                                                                                                            Start time:13:49:05
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\svchost.exe -k WspService
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000003.557495596.00000246AB4A3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.868218079.00000246AD51B000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.867270218.00000246AD500000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001E.00000002.841816607.00000246AB350000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000003.577046507.00000246AB4A3000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.850918860.00000246AB4B7000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 0000001E.00000002.854827743.00000246AB600000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., Source: 0000001E.00000002.930634142.00000246AE240000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001E.00000002.930634142.00000246AE240000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            Target ID:32
                                                                                                                                                            Start time:13:49:10
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000020.00000000.561636495.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000020.00000003.556299621.000002E4A0FA0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000020.00000002.849325058.000002E4A1010000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:33
                                                                                                                                                            Start time:13:49:23
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000021.00000003.582029964.0000023FFE940000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000021.00000000.596607201.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000021.00000002.849090987.0000023FFE9B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:34
                                                                                                                                                            Start time:13:49:26
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:35
                                                                                                                                                            Start time:13:49:29
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /c taskkill /im "ccsearcher.exe" /f & erase "C:\Program Files (x86)\ccSearcher\ccsearcher.exe" & exit
                                                                                                                                                            Imagebase:0x11d0000
                                                                                                                                                            File size:232960 bytes
                                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:36
                                                                                                                                                            Start time:13:49:31
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7fcd70000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:37
                                                                                                                                                            Start time:13:49:35
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:taskkill /im "ccsearcher.exe" /f
                                                                                                                                                            Imagebase:0x110000
                                                                                                                                                            File size:74752 bytes
                                                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:38
                                                                                                                                                            Start time:13:49:35
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\dIo5PnRp.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\dIo5PnRp.exe"
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            File size:6353920 bytes
                                                                                                                                                            MD5 hash:A0CCE836755A2B064842089D16EA5561
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000026.00000002.682128916.0000000000401000.00000020.00000001.01000000.0000001E.sdmp, Author: unknown

                                                                                                                                                            Target ID:40
                                                                                                                                                            Start time:13:49:41
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000028.00000003.632389452.0000017738D30000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000028.00000002.859938155.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000028.00000000.644635631.0000017739340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:41
                                                                                                                                                            Start time:13:50:03
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000029.00000003.675917450.0000014F76F40000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000029.00000000.683214898.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_ManusCrypt, Description: Yara detected ManusCrypt, Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_Chebka, Description: Detects Chebka, Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: Windows_Trojan_Generic_a681f24a, Description: unknown, Source: 00000029.00000002.849048575.0000014F76FB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

                                                                                                                                                            Target ID:42
                                                                                                                                                            Start time:13:50:04
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\6Z9UYZuB.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\6Z9UYZuB.exe"
                                                                                                                                                            Imagebase:0x10f0000
                                                                                                                                                            File size:4232704 bytes
                                                                                                                                                            MD5 hash:96EC3EFA9BD454550B615DF142B08295
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:43
                                                                                                                                                            Start time:13:50:05
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:/C /create /F /sc minute /mo 5 /tn "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}" /tr "C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe"
                                                                                                                                                            Imagebase:0xe30000
                                                                                                                                                            File size:185856 bytes
                                                                                                                                                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:44
                                                                                                                                                            Start time:13:50:12
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7fcd70000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:45
                                                                                                                                                            Start time:13:50:14
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:/C /Query /XML /TN "Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}"
                                                                                                                                                            Imagebase:0xe30000
                                                                                                                                                            File size:185856 bytes
                                                                                                                                                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
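The two schtasks entries above show the persistence primitive in full: a task named after a legitimate Windows component ("Shell Infrastructure Host"), repeating every five minutes, whose action is a file called sihost.exe under the user's roaming AppData rather than the real C:\Windows\System32\sihost.exe, followed by a /Query /XML that dumps the registered task definition. The following Python is an added example, not part of the Joe Sandbox report, that applies the checks a responder would run over that exported XML: an action path in a user-writable directory, a System32 binary name outside System32, a non-hex "GUID" in the task name, a high-frequency repetition interval, and a request for elevation. The element paths follow Microsoft's Task Scheduler XML schema; the two task definitions in the block are constructed to mirror the report's task (the RunLevel is an assumption) and a benign control, and were not captured from the analysed host.

```python
"""Triage exported Task Scheduler XML for persistence indicators.

Added example, not part of the Joe Sandbox report: it parses the XML that
``schtasks /Query /XML /TN <name>`` prints (the query seen in the process
list) and applies the checks a responder would run against the task that
the ``/create`` command registered. Both task definitions below are
constructed for this example, not captured from the analysed host.
"""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Names of binaries that belong in %SystemRoot%\System32. A task that
# launches one of these from anywhere else is masquerading.
SYSTEM_BINARY_NAMES = {"sihost.exe", "svchost.exe", "conhost.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(appdata|downloads|documents)|programdata|users\\public)\\",
    re.IGNORECASE,
)
# A genuine GUID is hex only; the task in the report uses letters beyond A-F.
HEX_GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)


def _text(root, path):
    el = root.find(path, NS)
    return (el.text or "").strip() if el is not None else ""


def iso_duration_minutes(value):
    """Convert an ISO 8601 duration such as PT5M or P1DT2H to minutes; None if malformed."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value or "")
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 1440 + h * 60 + mi + s / 60


def analyse_task_xml(xml_text):
    """Return (code, detail) findings for one task definition; [] when nothing is suspicious."""
    root = ET.fromstring(xml_text)
    findings = []

    command = _text(root, ".//t:Actions/t:Exec/t:Command").strip('"')
    directory, _, exe = command.rpartition("\\")
    if USER_WRITABLE.match(command):
        findings.append(("user_writable_path", command))
    if exe.lower() in SYSTEM_BINARY_NAMES and directory.lower() not in SYSTEM_DIRS:
        findings.append(("masquerading_system_binary", command))

    name = _text(root, ".//t:RegistrationInfo/t:URI")
    for brace in re.findall(r"\{[^}]*\}", name):
        if not HEX_GUID.match(brace):
            findings.append(("fake_guid_in_name", name))

    # schtasks /sc minute /mo 5 becomes a Repetition with Interval PT5M.
    for interval in root.findall(".//t:Triggers//t:Repetition/t:Interval", NS):
        minutes = iso_duration_minutes(interval.text)
        if minutes is not None and minutes <= 10:
            findings.append(("high_frequency_repetition", interval.text))

    if _text(root, ".//t:Principals/t:Principal/t:RunLevel") == "HighestAvailable":
        findings.append(("runlevel_highest", "task requests elevation"))
    return findings


# Constructed to mirror the task the sample registered (RunLevel is assumed).
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}</URI></RegistrationInfo>
  <Triggers><TimeTrigger><Repetition><Interval>PT5M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition><Enabled>true</Enabled></TimeTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\Users\user\AppData\Roaming\Windows\System32\sihost.exe</Command></Exec></Actions>
</Task>"""

# Constructed benign control: real System32 path, daily schedule, least privilege.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Microsoft\Windows\Example\Cleanup</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\Windows\System32\sihost.exe</Command></Exec></Actions>
</Task>"""


if __name__ == "__main__":
    for label, xml_text in (("sample", SAMPLE_TASK_XML), ("benign", BENIGN_TASK_XML)):
        print(label, analyse_task_xml(xml_text))
```

To sweep a host, feed it the output of `schtasks /Query /XML /TN "<name>"` for each task, or read the files under C:\Windows\System32\Tasks as bytes (they are UTF-16 with a BOM, which `ET.fromstring` handles when given bytes). Every finding on the report's task should fire; the benign control yields none.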

                                                                                                                                                            Target ID:46
                                                                                                                                                            Start time:13:50:15
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7fcd70000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Target ID:47
                                                                                                                                                            Start time:13:50:20
                                                                                                                                                            Start date:02/09/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff6ffff0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language


                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:12.8%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                              Signature Coverage:27.6%
                                                                                                                                                              Total number of Nodes:29
                                                                                                                                                              Total number of Limit Nodes:5
                                                                                                                                                              execution_graph (call chain recovered from the rendered graph's node list): 163a432 -> 163a407 -> 163d469 | 163d478 -> 163d49c -> 163d588 -> 163b685; 163d49c -> 163d641 | 163d650 (DeleteFileW) -> 163d674 -> 163d729 (back to 163d49c); 163d674 -> 163d778 | 163d788 (DeleteFileW) -> 163d72d (back to 163d674) | 163d787 | 163d7af -> 163c5e4 -> 163d8a8 (DeleteFileW) -> 163d830 (back to 163d674)

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph for 163d478 (basic blocks recovered from the rendered graph): 163d478-163d49a, 163d49c, 163d4a1-163d4b1, 163d4b2, 163d4b9-163d4d5, 163d4d7, 163d4de-163d4df, 163d4e4-163d4f7, 163d4f9, 163d4ff-163d52c, 163d535-163d547, 163d54c, 163d54f, 163d555-163d583, 163d588-163d589, 163d5a1, 163d5a8-163d5c4, 163d5c6, 163d5cd-163d5ce, 163d5d0-163d606, 163d608-163d60d, 163d60f-163d617; the call at 163d4f9 resolves to 163d968 / 163d958 / 163dace / 163e00d, the call at 163d54f resolves to 163d641 / 163d650; back-edges from 163d4e4, 163d535 and 163d555 return to the loop head at 163d4b9
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: u)Lk
                                                                                                                                                              • API String ID: 0-3432335876
                                                                                                                                                              • Opcode ID: c1102b182f48fbad87555f8262a6d489adcc18ebb58c5e9a4904cf49cff5bf1d
                                                                                                                                                              • Instruction ID: 0e65b69ec5a4b50115ebe37c4d0039f741d233e17cee234d38da128171883cf0
                                                                                                                                                              • Opcode Fuzzy Hash: c1102b182f48fbad87555f8262a6d489adcc18ebb58c5e9a4904cf49cff5bf1d
                                                                                                                                                              • Instruction Fuzzy Hash: 0D4144B4E15218DFCB08CFA9D8455EDBBB2FF8D311F50942AE40AA7364DB349902CB14
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph for 163d469 (basic blocks recovered from the rendered graph): 163d469-163d49a, 163d49c, 163d4a1-163d4b1, 163d4b2, 163d4b9-163d4d5, 163d4d7, 163d4de-163d4df, 163d4e4-163d4f7, 163d4f9, 163d4ff-163d52c, 163d535-163d547, 163d54c, 163d54f, 163d555-163d583, 163d588-163d589, 163d5a1, 163d5a8-163d5c4, 163d5c6, 163d5cd-163d5ce, 163d5d0-163d606, 163d608-163d60d, 163d60f-163d617; the call at 163d4f9 resolves to 163d968 / 163d958 / 163dace / 163e00d, the call at 163d54f resolves to 163d641 / 163d650; back-edges from 163d4e4, 163d535 and 163d555 return to the loop head at 163d4b9
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: u)Lk
                                                                                                                                                              • API String ID: 0-3432335876
                                                                                                                                                              • Opcode ID: f41f75e190f99cd3c98ab0853c71e72eead2c01c6a72f8df72c32b05b7cdf38b
                                                                                                                                                              • Instruction ID: 032e06e19e837061ebff32835e7d1593da87ac125f7fc587f892cb660d999223
                                                                                                                                                              • Opcode Fuzzy Hash: f41f75e190f99cd3c98ab0853c71e72eead2c01c6a72f8df72c32b05b7cdf38b
                                                                                                                                                              • Instruction Fuzzy Hash: 9B4112B4E15218DFCB08CFA9D9456EDBBB2FF89311F14952AE406A7364DB349902CB14
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8ede6e088c830a84c98e91426831e1ee996661548f4e2a6e76b4a39e8442cc12
                                                                                                                                                              • Instruction ID: f138e88c8c78c6df67aeb0ba51e0a1812b3cdf4be43444b6dac5fa298c3b45c6
                                                                                                                                                              • Opcode Fuzzy Hash: 8ede6e088c830a84c98e91426831e1ee996661548f4e2a6e76b4a39e8442cc12
                                                                                                                                                              • Instruction Fuzzy Hash: 6331A4B5E006188BDB58CFAAC84479DFBF2BFC8304F14C0AAC418A7255EB345A468F50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9608c88f70c32c5378b0b47a7e349994bf9dccee516d851f2e851135bbc4dab6
                                                                                                                                                              • Instruction ID: 4fc447ff8596c4c4a687c917ee33a5a1ced20a980f24f71900f2285ed1fb0065
                                                                                                                                                              • Opcode Fuzzy Hash: 9608c88f70c32c5378b0b47a7e349994bf9dccee516d851f2e851135bbc4dab6
                                                                                                                                                              • Instruction Fuzzy Hash: CD3174B5D006188FEB58CFAAC94479DFBF2BF88204F14C5AAC418A7265EB745A468F50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph for 163c5e4 (basic blocks recovered from the rendered graph): 163c5e4-163d8f2, 163d8f4-163d8f7, 163d8fa-163d925 (calls DeleteFileW), 163d927-163d92d, 163d92e-163d956
                                                                                                                                                              APIs
                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 0163D918
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeleteFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4033686569-0
                                                                                                                                                              • Opcode ID: f527bc3b9330f5233416aed92431ffc325790e5f4a2c639af419d455dff1e961
                                                                                                                                                              • Instruction ID: 01ccf4b838e87e67b17183f830c0286dccc1ce3252f4d1782e163090f27a44d5
                                                                                                                                                              • Opcode Fuzzy Hash: f527bc3b9330f5233416aed92431ffc325790e5f4a2c639af419d455dff1e961
                                                                                                                                                              • Instruction Fuzzy Hash: D22115B5C006199BDB10CFA9D4457EEFBB4EB48224F05812AD818B7640D738A945CBE1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph for 163d8a0 (basic blocks recovered from the rendered graph): 163d8a0-163d8f2, 163d8f4-163d8f7, 163d8fa-163d925 (calls DeleteFileW), 163d927-163d92d, 163d92e-163d956
                                                                                                                                                              APIs
                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 0163D918
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DeleteFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4033686569-0
                                                                                                                                                              • Opcode ID: 11ce70f1c50fbf39275b3428409b40fec5bb75e869b93c1e9f0bed702044ff3f
                                                                                                                                                              • Instruction ID: 423717bca733a7caaab50593c97bd22163d22d9dc31a07a70d5c259a8134bcab
                                                                                                                                                              • Opcode Fuzzy Hash: 11ce70f1c50fbf39275b3428409b40fec5bb75e869b93c1e9f0bed702044ff3f
                                                                                                                                                              • Instruction Fuzzy Hash: D42134B1C006599FDB10CFA9D4417EEFBB4EB88224F04852AD818B7640D338AA41CFA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: h)
                                                                                                                                                              • API String ID: 0-3534180902
                                                                                                                                                              • Opcode ID: c40a45c1896d294a0f7941ec743059aaa9315685275fd25173ddb3278a60b04b
                                                                                                                                                              • Instruction ID: b1c0c551be5a618f0e86efb67790f6344c8e5a71c25bc9af87bb2364e52b0809
                                                                                                                                                              • Opcode Fuzzy Hash: c40a45c1896d294a0f7941ec743059aaa9315685275fd25173ddb3278a60b04b
                                                                                                                                                              • Instruction Fuzzy Hash: 94914974E05619DFCB08CFA6D9819AEFBB2FFC8200F24942AD405B7354DB359A42CB65
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: h)
                                                                                                                                                              • API String ID: 0-3534180902
                                                                                                                                                              • Opcode ID: d97bf55e9a23ae9d50163e9dc1fec6236ee2552424cdc246e37a6b354bffaca1
                                                                                                                                                              • Instruction ID: fef927d36aba0b728ae6ebbf97856aa78bcbbb508094e809ac8eb2d95e5f0f33
                                                                                                                                                              • Opcode Fuzzy Hash: d97bf55e9a23ae9d50163e9dc1fec6236ee2552424cdc246e37a6b354bffaca1
                                                                                                                                                              • Instruction Fuzzy Hash: DA711974E01619DFCB04CFA6D8819AEFBB2FF88300F20942AD405BB354D7359A42CB65
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: s`%<
                                                                                                                                                              • API String ID: 0-3615864622
                                                                                                                                                              • Opcode ID: ca0553798638cffc892d01ef562a74685a9f988d4809bc29677102f936a9bccc
                                                                                                                                                              • Instruction ID: cf0a3f371a919ee1be1406527d92209d4ecbcca2d9d25da8e4e950ef6b23c3a0
                                                                                                                                                              • Opcode Fuzzy Hash: ca0553798638cffc892d01ef562a74685a9f988d4809bc29677102f936a9bccc
                                                                                                                                                              • Instruction Fuzzy Hash: E661E6B4E15219CFCB08CFA9D8849AEFBB2FF89300F10942AE415AB354DB359946CF54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: s`%<
                                                                                                                                                              • API String ID: 0-3615864622
                                                                                                                                                              • Opcode ID: 975bd0a4e5b3c83bbaf675d1503cf90bb9406b945a6cf970128eff3e99fb2f37
                                                                                                                                                              • Instruction ID: f7632be4ef806f39a3db1c770da4fab26e3b1c99581cba4d826997adacbbc2a9
                                                                                                                                                              • Opcode Fuzzy Hash: 975bd0a4e5b3c83bbaf675d1503cf90bb9406b945a6cf970128eff3e99fb2f37
                                                                                                                                                              • Instruction Fuzzy Hash: 246107B4E15219CFCB08CFA9D8849AEFBB2FF89300F14942AE415AB354DB359946CF51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bb38a627b651ea8103c8dd0c61d5c5781dfc5c1948b37ab018f91efc770e0ab4
                                                                                                                                                              • Instruction ID: 6420032155ef3d308e38a1cc7bddcccfbcd5702e1a61285e9466c9aa81c8f942
                                                                                                                                                              • Opcode Fuzzy Hash: bb38a627b651ea8103c8dd0c61d5c5781dfc5c1948b37ab018f91efc770e0ab4
                                                                                                                                                              • Instruction Fuzzy Hash: EBA19274B002149FEB59EB7888157AFB6E79BC9348F15843CD11AEB398DF789C028791
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 184998dde339ff9f17e00ebcc36c639d5777bea7ececc3504062de1c9324713f
                                                                                                                                                              • Instruction ID: e50f5e4383e3109548054b55d456523b7f7563309c4fa91b2ea29a20fbd92865
                                                                                                                                                              • Opcode Fuzzy Hash: 184998dde339ff9f17e00ebcc36c639d5777bea7ececc3504062de1c9324713f
                                                                                                                                                              • Instruction Fuzzy Hash: 32D1F831D2074A8BCB10EF64D9916ADB371FFA9201F519B9AD0093B225EF706AC5CF80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c79d73563213c5c13e0dcb500067b90f513247b997067e4a0fc233fe901e9172
                                                                                                                                                              • Instruction ID: 7cdb4ed1772a37ebeaeb643f1d74ffb0c82b0ef7e4c92b3c6dff931dc73f87b5
                                                                                                                                                              • Opcode Fuzzy Hash: c79d73563213c5c13e0dcb500067b90f513247b997067e4a0fc233fe901e9172
                                                                                                                                                              • Instruction Fuzzy Hash: 8FD1F731D2074A8BCB10EF64D9956ADB371FFA9201F519B9AD0093B225EF706AC5CF80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c0e31344efa32f9e904ac6209a91b48ffa7c86fe59de4c5596456715bf10bad2
                                                                                                                                                              • Instruction ID: dab19a6528b2ef993d2ddf7ac18d4cc047ba5932d9feeea631d0960ba24518f8
                                                                                                                                                              • Opcode Fuzzy Hash: c0e31344efa32f9e904ac6209a91b48ffa7c86fe59de4c5596456715bf10bad2
                                                                                                                                                              • Instruction Fuzzy Hash: 25B10974E14219CFCB14CFA9D9809AEFBB2FB89304F24856AD418A7356DB349D41CFA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a4cadc1cfa3f3a0d9333accdc1dfd8b707dcbf2a1bb0d2c0543290ec445de626
                                                                                                                                                              • Instruction ID: a6df6130bca37dd6adb2726ff97c6d9777739dd5fb88161a3ccf75f3fe709fee
                                                                                                                                                              • Opcode Fuzzy Hash: a4cadc1cfa3f3a0d9333accdc1dfd8b707dcbf2a1bb0d2c0543290ec445de626
                                                                                                                                                              • Instruction Fuzzy Hash: D6B10874E142198FDB14CFA9C9809AEFBB2BF89304F24856AE408A7356DB349D41CF61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000007.00000002.932331632.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_1630000_tCcv8lF4UYTMplGGrWDw5cWW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b614fb3d4e968d1606d311ace8b1674de0d9aaa73a4fcc21a1de908474631e1b
• Instruction ID: 2ff6ead59c5476b762e2c121a474648b3a3342b31574afa578bd922c55190e6c
• Opcode Fuzzy Hash: b614fb3d4e968d1606d311ace8b1674de0d9aaa73a4fcc21a1de908474631e1b
• Instruction Fuzzy Hash: C6111C71E116189BEB58CFAAD9456DEBEF3AFC9300F18C47AD808A7255DB300A45CB51
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 5.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0.9%
Total number of Nodes: 1613
Total number of Limit Nodes: 47
15473->15389 15476 111f6e8 15475->15476 15490 11271bd 15476->15490 15512 112bb04 15479->15512 15483 1126a64 IsProcessorFeaturePresent 15485 1126a70 15483->15485 15484 1126a5a 15484->15483 15489 1126a83 15484->15489 15548 111f732 15485->15548 15554 1125c36 15489->15554 15491 11271d0 15490->15491 15492 11271d6 15490->15492 15493 11282ad _unexpected 6 API calls 15491->15493 15494 11282ec _unexpected 6 API calls 15492->15494 15511 111f700 SetLastError 15492->15511 15493->15492 15495 11271f0 15494->15495 15496 112a679 _unexpected 14 API calls 15495->15496 15495->15511 15497 1127200 15496->15497 15498 1127208 15497->15498 15499 112721d 15497->15499 15501 11282ec _unexpected 6 API calls 15498->15501 15500 11282ec _unexpected 6 API calls 15499->15500 15502 1127229 15500->15502 15503 1127214 15501->15503 15504 112723c 15502->15504 15505 112722d 15502->15505 15506 1127a11 ___free_lconv_mon 14 API calls 15503->15506 15508 1126de9 _unexpected 14 API calls 15504->15508 15507 11282ec _unexpected 6 API calls 15505->15507 15506->15511 15507->15503 15509 1127247 15508->15509 15510 1127a11 ___free_lconv_mon 14 API calls 15509->15510 15510->15511 15511->15464 15513 112ba36 IsInExceptionSpec EnterCriticalSection LeaveCriticalSection 15512->15513 15514 1126a4f 15513->15514 15514->15484 15515 112bb49 15514->15515 15516 112bb55 __FrameHandler3::FrameUnwindToState 15515->15516 15517 112bb82 IsInExceptionSpec 15516->15517 15518 112710c __dosmaperr 14 API calls 15516->15518 15523 112bb7c IsInExceptionSpec 15516->15523 15525 112a5e9 IsInExceptionSpec EnterCriticalSection 15517->15525 15526 112bbf5 15517->15526 15518->15523 15519 112bbc9 15520 112389c __dosmaperr 14 API calls 15519->15520 15521 112bbce 15520->15521 15522 111f92e ___std_exception_copy 42 API calls 15521->15522 15524 112bbb3 15522->15524 15523->15517 15523->15519 15523->15524 15524->15484 15525->15526 15528 112bc37 15526->15528 15529 112bd28 15526->15529 15540 112bc66 15526->15540 15527 112bcd5 IsInExceptionSpec 
LeaveCriticalSection 15531 112bcac 15527->15531 15534 1126fbb _unexpected 42 API calls 15528->15534 15528->15540 15530 112bd33 15529->15530 15532 112a631 IsInExceptionSpec LeaveCriticalSection 15529->15532 15533 1125c36 IsInExceptionSpec 23 API calls 15530->15533 15531->15524 15538 1126fbb _unexpected 42 API calls 15531->15538 15543 112bcbb 15531->15543 15532->15530 15535 112bd3b 15533->15535 15536 112bc5b 15534->15536 15537 112a679 _unexpected 14 API calls 15535->15537 15539 1126fbb _unexpected 42 API calls 15536->15539 15544 112bd4e 15537->15544 15538->15543 15539->15540 15540->15527 15541 112bd5b 15542 1127a11 ___free_lconv_mon 14 API calls 15541->15542 15545 112bdb0 15542->15545 15543->15524 15547 1126fbb _unexpected 42 API calls 15543->15547 15544->15541 15546 112832e IsInExceptionSpec 6 API calls 15544->15546 15545->15484 15546->15544 15547->15524 15549 111f74e IsInExceptionSpec 15548->15549 15550 111f77a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15549->15550 15553 111f84b IsInExceptionSpec 15550->15553 15551 111c2e8 CatchGuardHandler 5 API calls 15552 111f869 15551->15552 15552->15489 15553->15551 15555 1125a9d IsInExceptionSpec 23 API calls 15554->15555 15556 1125c47 15555->15556 15558 112c7f4 __FrameHandler3::FrameUnwindToState 15557->15558 15570 1126fbb GetLastError 15558->15570 15562 112c81b 15598 112c869 15562->15598 15567 112c843 15567->15468 15568 1126a4a IsInExceptionSpec 42 API calls 15569 112c868 15568->15569 15571 1126fd1 15570->15571 15572 1126fd7 15570->15572 15573 11282ad _unexpected 6 API calls 15571->15573 15574 11282ec _unexpected 6 API calls 15572->15574 15576 1126fdb SetLastError 15572->15576 15573->15572 15575 1126ff3 15574->15575 15575->15576 15578 112a679 _unexpected 14 API calls 15575->15578 15580 1127070 15576->15580 15581 112706b 15576->15581 15579 1127008 15578->15579 15582 1127010 15579->15582 15583 1127021 15579->15583 15584 1126a4a IsInExceptionSpec 40 API calls 15580->15584 15581->15567 15597 112a5e9 
EnterCriticalSection 15581->15597 15585 11282ec _unexpected 6 API calls 15582->15585 15586 11282ec _unexpected 6 API calls 15583->15586 15587 1127075 15584->15587 15588 112701e 15585->15588 15589 112702d 15586->15589 15594 1127a11 ___free_lconv_mon 14 API calls 15588->15594 15590 1127031 15589->15590 15591 1127048 15589->15591 15593 11282ec _unexpected 6 API calls 15590->15593 15592 1126de9 _unexpected 14 API calls 15591->15592 15595 1127053 15592->15595 15593->15588 15594->15576 15596 1127a11 ___free_lconv_mon 14 API calls 15595->15596 15596->15576 15597->15562 15599 112c877 _unexpected 15598->15599 15601 112c82c 15598->15601 15600 112c59c _unexpected 14 API calls 15599->15600 15599->15601 15600->15601 15602 112c848 15601->15602 15603 112a631 IsInExceptionSpec LeaveCriticalSection 15602->15603 15604 112c83f 15603->15604 15604->15567 15604->15568 15606 1126fbb _unexpected 42 API calls 15605->15606 15607 112b4f0 15606->15607 15610 112b403 15607->15610 15611 112b40f __FrameHandler3::FrameUnwindToState 15610->15611 15612 112a5e9 IsInExceptionSpec EnterCriticalSection 15611->15612 15617 112b429 15611->15617 15619 112b439 15612->15619 15613 112b482 ___scrt_uninitialize_crt LeaveCriticalSection 15613->15617 15614 1126a4a IsInExceptionSpec 42 API calls 15618 112b4a2 15614->15618 15615 112b430 15615->15473 15616 112b465 15616->15613 15617->15614 15617->15615 15619->15616 15620 1127a11 ___free_lconv_mon 14 API calls 15619->15620 15620->15616 15627 112c106 15621->15627 15623 112fb1a 15624 112fb36 SetFilePointerEx 15623->15624 15625 112fb22 ___scrt_uninitialize_crt 15623->15625 15624->15625 15626 112fb4e GetLastError 15624->15626 15625->15394 15626->15625 15628 112c113 15627->15628 15629 112c128 15627->15629 15640 1123889 15628->15640 15632 1123889 __dosmaperr 14 API calls 15629->15632 15634 112c14d 15629->15634 15635 112c158 15632->15635 15633 112389c __dosmaperr 14 API calls 15636 112c120 15633->15636 15634->15623 15637 112389c __dosmaperr 14 API calls 15635->15637 
15636->15623 15638 112c160 15637->15638 15639 111f92e ___std_exception_copy 42 API calls 15638->15639 15639->15636 15641 112710c __dosmaperr 14 API calls 15640->15641 15642 112388e 15641->15642 15642->15633 15644 112b79e WideCharToMultiByte 15643->15644 15644->15410 15647 111c2f1 IsProcessorFeaturePresent 15646->15647 15648 111c2f0 15646->15648 15650 111c333 15647->15650 15648->15404 15653 111c2f6 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15650->15653 15652 111c416 15652->15404 15653->15652 15654->15384 15656 1127a7e __FrameHandler3::FrameUnwindToState 15655->15656 15663 112be8a EnterCriticalSection 15656->15663 15658 1127a8c 15659 1127abd 15658->15659 15664 1127bd6 15658->15664 15677 1127af7 15659->15677 15663->15658 15665 112c106 ___scrt_uninitialize_crt 42 API calls 15664->15665 15667 1127be6 15665->15667 15666 1127bec 15680 112c075 15666->15680 15667->15666 15669 112c106 ___scrt_uninitialize_crt 42 API calls 15667->15669 15676 1127c1e 15667->15676 15671 1127c15 15669->15671 15670 112c106 ___scrt_uninitialize_crt 42 API calls 15672 1127c2a CloseHandle 15670->15672 15673 112c106 ___scrt_uninitialize_crt 42 API calls 15671->15673 15672->15666 15674 1127c36 GetLastError 15672->15674 15673->15676 15674->15666 15675 1127c44 ___scrt_uninitialize_crt 15675->15659 15676->15666 15676->15670 15689 112bf3f LeaveCriticalSection 15677->15689 15679 1127ae0 15679->15336 15681 112c084 15680->15681 15682 112c0eb 15680->15682 15681->15682 15686 112c0ae 15681->15686 15683 112389c __dosmaperr 14 API calls 15682->15683 15684 112c0f0 15683->15684 15685 1123889 __dosmaperr 14 API calls 15684->15685 15687 112c0db 15685->15687 15686->15687 15688 112c0d5 SetStdHandle 15686->15688 15687->15675 15688->15687 15689->15679 15691 111f6b1 GetLastError SetLastError 15690->15691 15692 111f6ca 15690->15692 15691->15311 15692->15311 15694 111f967 15693->15694 15695 111f732 IsInExceptionSpec 8 API calls 15694->15695 15696 111f97c GetCurrentProcess 
TerminateProcess 15695->15696 15696->15313 15697->15317 16676 10feae0 16677 10feb19 16676->16677 16679 10feb05 16676->16679 16680 1103320 16677->16680 16681 11033b9 16680->16681 16682 11033e8 16681->16682 16702 10f8570 16681->16702 16684 110340d 16682->16684 16685 110341e 16682->16685 16687 10e24e0 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16684->16687 16686 1103416 16685->16686 16688 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16685->16688 16689 11034b2 16686->16689 16690 110350e 16686->16690 16687->16686 16688->16686 16705 110b600 16689->16705 16692 110b600 5 API calls 16690->16692 16693 1103549 16692->16693 16694 110b600 5 API calls 16693->16694 16695 1103506 16694->16695 16698 1104de0 16695->16698 16697 11035ef 16697->16679 16699 1104e9e error_info_injector 16698->16699 16700 1104e32 16698->16700 16699->16697 16700->16699 16701 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16700->16701 16701->16699 16703 111c2a2 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16702->16703 16704 10f857d 16703->16704 16704->16682 16706 110b633 16705->16706 16707 111c2e8 CatchGuardHandler 5 API calls 16706->16707 16708 110b6f0 16707->16708 16708->16695 16088 10eb5f0 16089 10eb62d 16088->16089 16090 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16089->16090 16091 10eb63b 16090->16091 16092 10eb64b IsInExceptionSpec 16091->16092 16095 10eb66b __aulldiv 16091->16095 16142 110ff90 16092->16142 16110 10f6570 16095->16110 16098 10e1810 44 API calls 16099 10eb805 16098->16099 16100 10e1810 44 API calls 16099->16100 16101 10eb874 16100->16101 16114 1112080 16101->16114 16105 10eb89d 16106 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16105->16106 16107 10eb8ac 16106->16107 16108 111c2e8 CatchGuardHandler 5 API calls 16107->16108 16109 10eb8c7 
16108->16109 16111 10f6617 16110->16111 16111->16111 16165 10f7950 16111->16165 16113 10eb7e6 16113->16098 16118 11120c7 16114->16118 16115 1112241 16116 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16115->16116 16117 1112253 16116->16117 16119 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16117->16119 16118->16115 16201 10f6c20 16118->16201 16120 111225f 16119->16120 16122 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16120->16122 16124 111226b 16122->16124 16284 10f7810 16124->16284 16125 10f6c20 44 API calls 16127 1112130 16125->16127 16204 11122a0 16127->16204 16128 111227a 16130 111c2e8 CatchGuardHandler 5 API calls 16128->16130 16131 10eb888 16130->16131 16138 10e1ab0 16131->16138 16139 10e1ae1 16138->16139 16140 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16139->16140 16141 10e1b48 error_info_injector 16139->16141 16140->16141 16141->16105 16143 110fffb 16142->16143 16144 11100eb GetModuleHandleA 16143->16144 16164 1111cfd 16143->16164 16558 110f790 16144->16558 16146 111c2e8 CatchGuardHandler 5 API calls 16148 10eb666 16146->16148 16148->16095 16149 110f790 49 API calls 16150 11106ee GetModuleHandleA 16149->16150 16151 110f790 49 API calls 16150->16151 16152 1110979 GetModuleHandleA 16151->16152 16153 110f790 49 API calls 16152->16153 16154 1110cdb GetModuleHandleA 16153->16154 16155 110f790 49 API calls 16154->16155 16156 111103d GetModuleHandleA 16155->16156 16157 110f790 49 API calls 16156->16157 16158 111139f GetModuleHandleA 16157->16158 16159 110f790 49 API calls 16158->16159 16160 1111710 GetModuleHandleA 16159->16160 16161 110f790 49 API calls 16160->16161 16162 11119aa GetModuleHandleA 16161->16162 16163 110f790 49 API calls 16162->16163 16163->16164 16164->16146 16166 10f79a7 16165->16166 16168 10f7964 CatchIt 16165->16168 16169 10f9880 16166->16169 16168->16113 16184 10fb0e0 
16169->16184 16172 10f98bd 16174 10fb0e0 5 API calls 16172->16174 16173 10e1390 44 API calls 16173->16172 16175 10f98ce 16174->16175 16188 10fc6f0 16175->16188 16179 10f990c CatchIt 16180 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16179->16180 16181 10f9992 error_info_injector 16179->16181 16180->16181 16182 111c2e8 CatchGuardHandler 5 API calls 16181->16182 16183 10f99f0 16182->16183 16183->16168 16185 10fb115 16184->16185 16186 111c2e8 CatchGuardHandler 5 API calls 16185->16186 16187 10f98b3 16186->16187 16187->16172 16187->16173 16190 10fc711 16188->16190 16189 111c2e8 CatchGuardHandler 5 API calls 16191 10f98eb 16189->16191 16190->16189 16192 10fb190 16191->16192 16193 10fb1ad 16192->16193 16194 10fb1b2 16192->16194 16195 10e1260 Concurrency::cancel_current_task RaiseException 16193->16195 16196 10fb1c3 16194->16196 16199 10fb1d4 16194->16199 16195->16194 16197 10e24e0 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16196->16197 16198 10fb1cc 16197->16198 16198->16179 16199->16198 16200 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16199->16200 16200->16198 16288 10f7c10 16201->16288 16205 11122fe 16204->16205 16206 111232c 16205->16206 16213 1112359 16205->16213 16207 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16206->16207 16208 111233f 16207->16208 16209 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16208->16209 16210 111234e 16209->16210 16211 111c2e8 CatchGuardHandler 5 API calls 16210->16211 16212 111213c 16211->16212 16212->16115 16238 1113420 16212->16238 16215 1112516 16213->16215 16299 10f8ac0 16213->16299 16302 10f83d0 16215->16302 16218 11126eb 16220 11128e6 16218->16220 16222 111273e 16218->16222 16219 10f83d0 44 API calls 16219->16218 16223 11128e4 16220->16223 16316 10f7b70 16220->16316 16308 10f7ae0 16222->16308 16320 1113960 16223->16320 16226 
11128d8 16312 10f6ab0 16226->16312 16228 1112981 16229 1113960 44 API calls 16228->16229 16230 11129d7 16229->16230 16231 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16230->16231 16232 11129ea 16231->16232 16233 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16232->16233 16234 11129f6 16233->16234 16235 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16234->16235 16236 1112a02 16235->16236 16237 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16236->16237 16237->16210 16431 11134d0 16238->16431 16241 1111e20 16242 1111e57 16241->16242 16243 1111e79 16242->16243 16244 1111e5e 16242->16244 16247 1111e94 16243->16247 16248 1111eaf 16243->16248 16245 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16244->16245 16246 1111e71 16245->16246 16246->16115 16264 1111f70 16246->16264 16249 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16247->16249 16250 1111ec6 16248->16250 16251 1111ede 16248->16251 16249->16246 16252 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16250->16252 16253 1113420 44 API calls 16251->16253 16252->16246 16254 1111eef 16253->16254 16439 1112bd0 16254->16439 16257 1111f02 16259 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16257->16259 16258 1111f1a 16260 1111f41 16258->16260 16261 1111f29 16258->16261 16259->16246 16263 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16260->16263 16262 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16261->16262 16262->16246 16263->16246 16456 1113010 16264->16456 16266 1111fa3 16460 1112e30 16266->16460 16270 1111fd2 16271 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 
16270->16271 16272 1111fda 16271->16272 16480 1113860 16272->16480 16277 1112039 16279 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16277->16279 16278 111201f 16280 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16278->16280 16281 1112032 16279->16281 16280->16281 16282 111c2e8 CatchGuardHandler 5 API calls 16281->16282 16283 1112075 16282->16283 16283->16115 16285 10f7841 16284->16285 16286 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16285->16286 16287 10f78aa error_info_injector 16285->16287 16286->16287 16287->16128 16289 10f7c3a 16288->16289 16290 10e1e60 5 API calls 16289->16290 16297 10f7c61 CatchIt 16289->16297 16292 10f7caf 16290->16292 16291 111c2e8 CatchGuardHandler 5 API calls 16293 10f6ca9 16291->16293 16294 10f7d0c 16292->16294 16295 10f7cfb 16292->16295 16293->16125 16294->16297 16298 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16294->16298 16296 10e24e0 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16295->16296 16296->16297 16297->16291 16298->16297 16329 111c2c2 16299->16329 16303 10f83ea 16302->16303 16305 10f83ef 16302->16305 16304 10f8ac0 44 API calls 16303->16304 16304->16305 16306 10e1c50 44 API calls 16305->16306 16307 10f848b 16306->16307 16307->16218 16307->16219 16309 10f7b4c 16308->16309 16310 10f7b00 CatchIt 16308->16310 16337 10f9bc0 16309->16337 16310->16226 16313 10f6aca 16312->16313 16314 10f7ae0 44 API calls 16313->16314 16315 10f6add 16314->16315 16315->16223 16317 10f7bc1 16316->16317 16318 10e1c50 44 API calls 16317->16318 16319 10f7c03 16318->16319 16319->16223 16355 1113bf0 16320->16355 16324 1113a2e 16325 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16324->16325 16326 1113a40 16325->16326 16327 111c2e8 CatchGuardHandler 5 API calls 16326->16327 16328 1113a58 16327->16328 16328->16228 
16334 111c228 16329->16334 16332 111d96b Concurrency::cancel_current_task RaiseException 16333 10f8acd 16332->16333 16333->16215 16335 10e26a0 std::invalid_argument::invalid_argument 43 API calls 16334->16335 16336 111c23a 16335->16336 16336->16332 16338 10e1e60 5 API calls 16337->16338 16339 10f9c02 16338->16339 16340 10f9c0f 16339->16340 16341 10e1390 44 API calls 16339->16341 16342 10e1e60 5 API calls 16340->16342 16341->16340 16343 10f9c29 16342->16343 16344 10e2460 5 API calls 16343->16344 16345 10f9c46 16344->16345 16346 10f9c88 16345->16346 16347 10f9c77 16345->16347 16349 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16346->16349 16351 10f9c80 CatchIt 16346->16351 16348 10e24e0 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16347->16348 16348->16351 16349->16351 16350 10f9d52 error_info_injector CatchIt 16353 111c2e8 CatchGuardHandler 5 API calls 16350->16353 16351->16350 16352 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16351->16352 16352->16350 16354 10f9df4 16353->16354 16354->16310 16362 1113fc0 16355->16362 16358 1113a60 16359 1113a80 CatchIt 16358->16359 16360 1113ad5 16358->16360 16359->16324 16416 1113ce0 16360->16416 16371 1114080 16362->16371 16364 1114046 16365 1114062 16364->16365 16368 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16364->16368 16369 111c2e8 CatchGuardHandler 5 API calls 16365->16369 16367 1114000 16367->16364 16378 1114760 16367->16378 16368->16365 16370 11139db 16369->16370 16370->16358 16372 1114094 16371->16372 16373 1114096 16371->16373 16372->16367 16373->16372 16374 11140ae 16373->16374 16376 11140db 16373->16376 16382 1114380 16374->16382 16376->16372 16397 11141c0 16376->16397 16379 11147b9 16378->16379 16381 111477d 16378->16381 16401 11147e0 16379->16401 16381->16367 16383 10fb0e0 5 API calls 16382->16383 16384 11143c2 16383->16384 16385 11143cf 16384->16385 
16386 10e1390 44 API calls 16384->16386 16387 10fb0e0 5 API calls 16385->16387 16386->16385 16388 11143e9 16387->16388 16389 10fc6f0 5 API calls 16388->16389 16390 1114406 16389->16390 16391 10fb190 44 API calls 16390->16391 16392 1114430 CatchIt 16391->16392 16393 11144aa error_info_injector CatchIt 16392->16393 16395 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16392->16395 16394 111c2e8 CatchGuardHandler 5 API calls 16393->16394 16396 1114520 16394->16396 16395->16393 16396->16372 16398 111422d CatchIt 16397->16398 16399 1114267 error_info_injector 16398->16399 16400 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16398->16400 16399->16372 16400->16399 16402 10fb0e0 5 API calls 16401->16402 16403 1114822 16402->16403 16404 111482f 16403->16404 16405 10e1390 44 API calls 16403->16405 16406 10fb0e0 5 API calls 16404->16406 16405->16404 16407 1114849 16406->16407 16408 10fc6f0 5 API calls 16407->16408 16409 1114866 16408->16409 16410 10fb190 44 API calls 16409->16410 16412 1114890 CatchIt 16410->16412 16411 1114937 error_info_injector CatchIt 16413 111c2e8 CatchGuardHandler 5 API calls 16411->16413 16412->16411 16414 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16412->16414 16415 11149d6 16413->16415 16414->16411 16415->16381 16417 10fb0e0 5 API calls 16416->16417 16418 1113d22 16417->16418 16419 1113d2f 16418->16419 16420 10e1390 44 API calls 16418->16420 16421 10fb0e0 5 API calls 16419->16421 16420->16419 16422 1113d49 16421->16422 16423 10fc6f0 5 API calls 16422->16423 16424 1113d66 16423->16424 16425 10fb190 44 API calls 16424->16425 16426 1113d90 CatchIt 16425->16426 16427 1113e45 error_info_injector CatchIt 16426->16427 16428 10e1320 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16426->16428 16429 111c2e8 CatchGuardHandler 5 API calls 16427->16429 16428->16427 16430 1113ef2 16429->16430 16430->16359 
16432 11134fa 16431->16432 16433 10fb0e0 5 API calls 16432->16433 16438 1113521 CatchIt 16432->16438 16434 111356b 16433->16434 16437 10fb190 44 API calls 16434->16437 16435 111c2e8 CatchGuardHandler 5 API calls 16436 1112212 16435->16436 16436->16241 16437->16438 16438->16435 16440 1112c26 16439->16440 16441 1112c0b 16439->16441 16443 1112c33 16440->16443 16449 1112d79 16440->16449 16442 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16441->16442 16444 1112c1e 16442->16444 16445 10e1810 44 API calls 16443->16445 16447 111c2e8 CatchGuardHandler 5 API calls 16444->16447 16446 1112c40 16445->16446 16448 10f6ab0 44 API calls 16446->16448 16450 1111ef7 16447->16450 16452 1112c53 16448->16452 16451 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16449->16451 16450->16257 16450->16258 16451->16444 16453 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16452->16453 16454 1112d63 16453->16454 16455 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16454->16455 16455->16444 16457 111302c 16456->16457 16458 111c2e8 CatchGuardHandler 5 API calls 16457->16458 16459 111306f 16458->16459 16459->16266 16461 1112e89 GetLastError 16460->16461 16462 1112e6b 16460->16462 16466 1112fda 16461->16466 16467 1112ebe 16461->16467 16463 10f6570 44 API calls 16462->16463 16464 1112e78 16463->16464 16469 111c2e8 CatchGuardHandler 5 API calls 16464->16469 16468 10f6570 44 API calls 16466->16468 16470 10f6570 44 API calls 16467->16470 16468->16464 16471 1111fc3 16469->16471 16472 1112ecb 16470->16472 16476 11132b0 16471->16476 16473 10f7950 44 API calls 16472->16473 16474 1112f81 16472->16474 16473->16474 16475 10f7810 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16474->16475 16475->16464 16477 11132c7 16476->16477 16478 11132da 16476->16478 16479 10f7810 
Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16477->16479 16478->16270 16479->16478 16495 1113b00 16480->16495 16483 10f7ae0 44 API calls 16484 111392e 16483->16484 16485 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16484->16485 16486 1113940 16485->16486 16487 111c2e8 CatchGuardHandler 5 API calls 16486->16487 16488 111200c 16487->16488 16489 1113080 16488->16489 16492 11130a3 IsInExceptionSpec 16489->16492 16494 111309c 16489->16494 16490 111c2e8 CatchGuardHandler 5 API calls 16491 1112018 16490->16491 16491->16277 16491->16278 16493 10f7ae0 44 API calls 16492->16493 16492->16494 16493->16492 16494->16490 16498 1113f00 16495->16498 16507 1114120 16498->16507 16500 1113f42 16501 1113f84 16500->16501 16514 10e1be0 16500->16514 16503 1113fa0 16501->16503 16504 10e1ab0 Concurrency::cancellation_token_source::~cancellation_token_source 42 API calls 16501->16504 16505 111c2e8 CatchGuardHandler 5 API calls 16503->16505 16504->16503 16506 11138db 16505->16506 16506->16483 16508 1114134 16507->16508 16509 1114136 16507->16509 16508->16500 16509->16508 16510 111417b 16509->16510 16511 111414e 16509->16511 16510->16508 16536 11142a0 16510->16536 16518 1114530 16511->16518 16515 10e1c31 16514->16515 16516 10e1bfd 16514->16516 16540 10e2030 16515->16540 16516->16500 16519 10e1e60 5 API calls 16518->16519 16520 1114572 16519->16520 16521 111457f 16520->16521 16522 10e1390 44 API calls 16520->16522 16523 10e1e60 5 API calls 16521->16523 16522->16521 16524 1114599 16523->16524 16525 10e2460 5 API calls 16524->16525 16526 11145b6 16525->16526 16527 11145e7 16526->16527 16528 11145f8 16526->16528 16529 10e24e0 Concurrency::cancellation_token_source::~cancellation_token_source 44 API calls 16527->16529 16530 11145f0 CatchIt 16528->16530 16531 111c4f3 Concurrency::cancellation_token_source::~cancellation_token_source 16 API calls 16528->16531 16529->16530 16532 1114691 error_info_injector CatchIt 
[Control-flow graph edge data from the graph viewer; nodes reference Concurrency::cancellation_token_source::~cancellation_token_source, CatchGuardHandler, CatchIt, error_info_injector, IsInExceptionSpec, ___std_exception_copy, ___scrt_uninitialize_crt, __dosmaperr, ___free_lconv_mon, _unexpected, GetModuleHandleA, lstrcpyA, lstrcatA, MultiByteToWideChar and GetStringTypeW]

Control-flow Graph

C-Code - Quality: 55%

E010E3CC0(intOrPtr __ecx, void* __edx, void* __eflags) {
	signed int _v8;
	char _v268;
	signed int _v272;
	intOrPtr _v276;
	signed int _v280;
	signed int _v284;
	signed int _v288;
	intOrPtr _v292;
	intOrPtr _v296;
	intOrPtr _v300;
	intOrPtr _v304;
	signed int _v308;
	signed int _v312;
	intOrPtr _v316;
	intOrPtr _v320;
	signed int _v324;
	intOrPtr _v328;
	intOrPtr _v332;
	intOrPtr _v336;
	intOrPtr _v340;
	intOrPtr _v344;
	intOrPtr _v348;
	signed int _v352;
	intOrPtr _v356;
	intOrPtr _v360;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t57;
	intOrPtr _t60;
	intOrPtr _t61;
	void* _t63;
	intOrPtr _t64;
	void* _t66;
	signed int _t67;
	signed int _t70;
	intOrPtr _t84;
	signed int _t94;
	void* _t105;
	intOrPtr _t111;
	void* _t114;
	signed int _t121;

	_t105 = __edx;
	_t57 =  *0x1142008; // 0x90716b2b
	_v8 = _t57 ^ _t121;
	_v276 = __ecx;
	_v272 = 0;
	_t60 =  *0x11428d0; // 0x3a
	asm("cdq");
	_t114 = __edx;
	asm("adc edi, 0x0");
	_t61 =  *0x11428d4; // 0xfc
	asm("cdq");
	asm("adc edx, 0x0");
	_t63 = E01133280(_t61 + 0x4579, __edx, 0x4579, 0);
	_t88 = _t105;
	asm("adc ebx, 0x0");
	_t64 =  *0x11428d4; // 0xfc
	asm("cdq");
	asm("adc edx, 0x0");
	_t66 = E01133280(_t63 + 5, _t105, _t64 + 9, _t105);
	asm("adc edi, edx");
	asm("adc edi, 0x0");
	_t67 = E010E2730(_t60 + 9 + _t66 + 0x4579, _t114);
	__imp__SHGetFolderPathA(0, _t67, 0, 0,  &_v268); // executed
	_v280 = _t67;
	_v288 = 0x4560;
	_v284 = 0;
	_v312 = _v288 ^ 0x00000019;
	_v308 = _v284 ^ 0x00000000;
	_v296 = 0x19;
	_v292 = 0;
	_t70 =  *0x11428c0; // 0x51
	_t94 =  *0x11428c4; // 0x0
	_v304 = E01133280(_t70 ^ 0x00004579, _t94 ^ 0x00000000, 6, 0);
	_v300 = 0;
	_v320 = 0x4579;
	_v316 = 0;
	asm("adc ecx, edx");
	asm("adc ecx, 0x0");
	_v336 = _v296 + _v304 + 1;
	_v332 = _v292;
	asm("sbb ecx, edx");
	_v328 = _v312 - _v320;
	_v324 = _v308;
	_t111 = _v336;
	_v344 = E01133300(_v328, _v324, _t111, _v332);
	_v340 = _t111;
	asm("cdq");
	_t120 = _v340;
	_v352 = _v280;
	_v348 = _t111;
	_v360 = _v344;
	_v356 = _v340;
	_t112 = _v352;
	if(_v352 != _v360 || _v348 != _v356) {
		E010E1810(_v276, 0x113cb49);
		_v272 = _v272 | 0x00000001;
		_t84 = _v276;
	} else {
		E010E1810(_v276,  &_v268);
		_t112 = _v272 | 0x00000001;
		_v272 = _v272 | 0x00000001;
		_t84 = _v276;
	}
	return E0111C2E8(_t84, _t88, _v8 ^ _t121, _t112, _t114, _t120);
}

APIs
  • Part of subcall function 010E2730: __aulldiv.LIBCMT ref: 010E27B2
• SHGetFolderPathA.SHELL32(00000000,00000000), ref: 010E3D56
• __aulldiv.LIBCMT ref: 010E3E4E
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: __aulldiv$FolderPath
• String ID: `E$yE
• API String ID: 3798299979-886419907
• Opcode ID: 5f68761f6bdaa5782d49f137f558909472d10bbd892fd6200c95a07f0aa4a6b1
• Instruction ID: 8a37e17ac3db411ffd568b7e72de86c8cd58378e5d68df647d53352c7976e274
• Opcode Fuzzy Hash: 5f68761f6bdaa5782d49f137f558909472d10bbd892fd6200c95a07f0aa4a6b1
• Instruction Fuzzy Hash: 1451B2B1E002289BDB68CB19DC45BDAB7F5BB88304F0481E9E54CA7394D7746EC18F94
Uniqueness

Uniqueness Score: -1.00%
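A small parser for the dump file names listed under Memory Dump Source, added here as a worked example; it is not part of the Joe Sandbox report or of Joe Sandbox's own tooling. It decodes the base-address, page-protection and memory-type fields with the Windows PAGE_* and MEM_* constants, which fits the five names above: the code page at 0x10E1000 is PAGE_EXECUTE_READ, the header at 0x10E0000 and the pages at 0x1137000 and 0x1144000 are PAGE_READONLY, 0x1142000 (where the global read at 0x1142008 in the C-code below and XORed against esp, the usual MSVC stack-cookie check, lives) is PAGE_READWRITE, and all five are MEM_IMAGE. The layout assumed for the other fields (process index, dump stage, dump id, module index) is a guess and is labelled as such in the code; the sixth sample name, an RWX private region, is constructed to show what the triage flags.

```python
"""Decode Joe Sandbox .sdmp memory-dump names and flag suspicious regions.

Assumed field layout (an assumption, not documented on the report page):
  <proc index>.<dump stage>.<dump id>.<base address>.<protection>.<field6>.<type>.<module index>.sdmp
Only base address, protection and type are decoded with winnt.h constants.
"""
import re
from dataclasses import dataclass

SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\."
    r"(?P<mtype>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp$"
)

# Page protections from winnt.h (low byte only; guard/nocache modifiers ignored).
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXEC_MASK = 0xF0   # any of the four execute protections
WRITE_MASK = 0xCC  # READWRITE, WRITECOPY, EXECUTE_READWRITE, EXECUTE_WRITECOPY

MEM_IMAGE = 0x1000000
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}


@dataclass(frozen=True)
class DumpRegion:
    name: str
    proc_index: int
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECTIONS.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPES.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITE_MASK)


def parse_sdmp(name: str) -> DumpRegion:
    """Split one .sdmp file name into its fields; raises ValueError on other names."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised sdmp name: {name!r}")
    return DumpRegion(
        name=name,
        proc_index=int(m["proc"], 16),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["mtype"], 16),
    )


def triage(names):
    """Return (region, reason) pairs for executable memory that is also writable,
    or executable memory not backed by a PE image (classic injected/unpacked code)."""
    hits = []
    for n in names:
        r = parse_sdmp(n)
        if r.executable and r.writable:
            hits.append((r, "executable and writable"))
        elif r.executable and r.mem_type != MEM_IMAGE:
            hits.append((r, "executable but not MEM_IMAGE"))
    return hits


# The five dumps listed under Memory Dump Source, plus one constructed name
# (the last) standing in for a PAGE_EXECUTE_READWRITE MEM_PRIVATE region.
SAMPLE_NAMES = [
    "00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp",
    "00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.700000000.0000000002A10000.00000040.00000001.00020000.00000000.sdmp",  # constructed
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = parse_sdmp(n)
        print(f"{r.base:#010x} {r.protect_name:<24} {r.mem_type_name}")
    for r, why in triage(SAMPLE_NAMES):
        print(f"FLAG {r.base:#010x}: {why}")
```

Run against the names from this report, none of the five image-backed pages is flagged; only the constructed RWX private region is, which is the pattern to look for when a report like this one also claims "Detected unpacking" or thread injection.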

Control-flow Graph

C-Code - Quality: 50%
                                                                                                                                                              			E010EB5F0(void* __edx, void* __eflags, char _a4) {
                                                                                                                                                              				char _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v44;
                                                                                                                                                              				signed int _v45;
                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                              				intOrPtr* _v56;
                                                                                                                                                              				char _v60;
                                                                                                                                                              				void* _v64;
                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				signed int _v108;
                                                                                                                                                              				signed int _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				intOrPtr _v120;
                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                              				intOrPtr _v128;
                                                                                                                                                              				signed int _v132;
                                                                                                                                                              				signed int _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				intOrPtr _v144;
                                                                                                                                                              				signed int _v148;
                                                                                                                                                              				intOrPtr _v152;
                                                                                                                                                              				intOrPtr _v156;
                                                                                                                                                              				intOrPtr _v160;
                                                                                                                                                              				intOrPtr _v164;
                                                                                                                                                              				intOrPtr _v168;
                                                                                                                                                              				intOrPtr _v172;
                                                                                                                                                              				intOrPtr _v176;
                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                              				intOrPtr _v184;
                                                                                                                                                              				intOrPtr _v188;
                                                                                                                                                              				intOrPtr _v192;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t96;
                                                                                                                                                              				signed int _t97;
                                                                                                                                                              				intOrPtr _t100;
                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                              				intOrPtr _t102;
                                                                                                                                                              				void* _t104;
                                                                                                                                                              				intOrPtr _t105;
                                                                                                                                                              				void* _t107;
                                                                                                                                                              				signed int _t111;
                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                              				void* _t140;
                                                                                                                                                              				signed int _t147;
                                                                                                                                                              				void* _t168;
                                                                                                                                                              				intOrPtr _t169;
                                                                                                                                                              				intOrPtr _t175;
                                                                                                                                                              				void* _t182;
                                                                                                                                                              				void* _t184;
                                                                                                                                                              				void* _t185;
                                                                                                                                                              				void* _t191;
                                                                                                                                                              				signed int _t192;
                                                                                                                                                              				void* _t193;
                                                                                                                                                              				void* _t195;
                                                                                                                                                              				intOrPtr _t197;
                                                                                                                                                              				intOrPtr _t198;
                                                                                                                                                              				void* _t200;
                                                                                                                                                              
                                                                                                                                                              				_t200 = __eflags;
                                                                                                                                                              				_t168 = __edx;
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x1134e8d);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t96 =  *0x1142008; // 0x90716b2b
                                                                                                                                                              				_t97 = _t96 ^ _t192;
                                                                                                                                                              				_v20 = _t97;
                                                                                                                                                              				_push(_t185);
                                                                                                                                                              				_push(_t182);
                                                                                                                                                              				_push(_t97);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E010E1910( &_v44);
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_push(0x80);
                                                                                                                                                              				_t100 = E0111C4F3(_t168, _t200);
                                                                                                                                                              				_t195 = _t193 - 0xb0 + 4;
                                                                                                                                                              				_v52 = _t100;
                                                                                                                                                              				_v8 = 2;
                                                                                                                                                              				_t201 = _v52;
                                                                                                                                                              				if(_v52 == 0) {
                                                                                                                                                              					_v60 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					E0111DBB0(_t182, _v52, 0, 0x80);
                                                                                                                                                              					_t195 = _t195 + 0xc;
                                                                                                                                                              					_v60 = E0110FF90(_v52, _t182, _t185, _t201);
                                                                                                                                                              				}
                                                                                                                                                              				_v72 = _v60;
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_t169 = _v72;
                                                                                                                                                              				_v96 = _t169;
                                                                                                                                                              				_t101 =  *0x11428d0; // 0x3a
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				_t183 = _t169;
                                                                                                                                                              				asm("adc edi, 0x0");
                                                                                                                                                              				_t102 =  *0x11428d4; // 0xfc
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				asm("adc edx, 0x0");
                                                                                                                                                              				_t104 = E01133280(_t102 + 0x4579, _t169, 0x4579, 0);
                                                                                                                                                              				_t139 = _t169;
                                                                                                                                                              				asm("adc ebx, 0x0");
                                                                                                                                                              				_t105 =  *0x11428d4; // 0xfc
                                                                                                                                                              				asm("cdq");
                                                                                                                                                              				asm("adc edx, 0x0");
                                                                                                                                                              				_t107 = E01133280(_t104 + 0xb, _t169, _t105 + 9, _t169);
                                                                                                                                                              				asm("adc edi, edx");
                                                                                                                                                              				asm("adc edi, 0x0");
                                                                                                                                                              				_v88 = E010E2730(_t101 + 9 + _t107 + 0x4579, _t169);
                                                                                                                                                              				_v112 = 0x107bc4;
                                                                                                                                                              				_v108 = 0;
                                                                                                                                                              				_v136 = _v112 ^ 0x00000019;
                                                                                                                                                              				_v132 = _v108 ^ 0x00000000;
                                                                                                                                                              				_v120 = 0x19;
                                                                                                                                                              				_v116 = 0;
                                                                                                                                                              				_t111 =  *0x11428c0; // 0x51
                                                                                                                                                              				_t147 =  *0x11428c4; // 0x0
                                                                                                                                                              				_v128 = E01133280(_t111 ^ 0x00004579, _t147 ^ 0x00000000, 6, 0);
                                                                                                                                                              				_v124 = 0;
                                                                                                                                                              				_v144 = 0x4579;
                                                                                                                                                              				_v140 = 0;
                                                                                                                                                              				asm("adc ecx, edx");
                                                                                                                                                              				asm("adc ecx, 0x0");
                                                                                                                                                              				_v160 = _v120 + _v128 + 1;
                                                                                                                                                              				_v156 = _v116;
                                                                                                                                                              				asm("sbb ecx, edx");
                                                                                                                                                              				_v152 = _v136 - _v144;
                                                                                                                                                              				_v148 = _v132;
                                                                                                                                                              				_t175 = _v160;
                                                                                                                                                              				_t190 = _v156;
                                                                                                                                                              				_v168 = E01133300(_v152, _v148, _t175, _v156);
                                                                                                                                                              				_v164 = _t175;
                                                                                                                                                              				_v172 = _v164;
                                                                                                                                                              				_v92 = _v168;
                                                                                                                                                              				_push(0);
                                                                                                                                                              				_t197 = _t195 + 8 - 0x18;
                                                                                                                                                              				_v176 = _t197;
                                                                                                                                                              				_v180 = E010F6570(_t197, L"Content-Type: application/x-www-form-urlencoded\r\n");
                                                                                                                                                              				_v8 = 3;
                                                                                                                                                              				_t198 = _t197 - 0x18;
                                                                                                                                                              				_v184 = _t198;
                                                                                                                                                              				_v188 = E010E1810(_t198, 0x113cbbe);
                                                                                                                                                              				_v8 = 4;
                                                                                                                                                              				_push( &_v44);
                                                                                                                                                              				_v56 =  &_a4;
                                                                                                                                                              				_v68 = _v56;
                                                                                                                                                              				if( *((intOrPtr*)(_v56 + 0x14)) < 0x10) {
                                                                                                                                                              					_v64 = 0;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v64 = 1;
                                                                                                                                                              				}
                                                                                                                                                              				_v45 = _v64;
                                                                                                                                                              				_t203 = _v45 & 0x000000ff;
                                                                                                                                                              				if((_v45 & 0x000000ff) != 0) {
                                                                                                                                                              					_v76 =  *_v56;
                                                                                                                                                              					_v68 = _v76;
                                                                                                                                                              				}
                                                                                                                                                              				_v80 = _v68;
                                                                                                                                                              				_v84 = _v80;
                                                                                                                                                              				_v192 = _t198 - 0x18;
                                                                                                                                                              				E010E1810(_t198 - 0x18, _v84);
                                                                                                                                                              				_push(_v88);
                                                                                                                                                              				_push(_v92);
                                                                                                                                                              				_v8 = 1;
                                                                                                                                                              				_t129 = E01112080(_t139, _v96, _t183, _t190, _t203); // executed
                                                                                                                                                              				_v100 = _t129;
                                                                                                                                                              				_v104 = _v100;
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				E010E1AB0( &_v44); // executed
                                                                                                                                                              				_v8 = 0xffffffff;
                                                                                                                                                              				E010E1AB0( &_a4);
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				_pop(_t184);
                                                                                                                                                              				_pop(_t191);
                                                                                                                                                              				_pop(_t140);
                                                                                                                                                              				return E0111C2E8(_v104, _t140, _v20 ^ _t192, _v100, _t184, _t191);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • yE, xrefs: 010EB73A
                                                                                                                                                              • Content-Type: application/x-www-form-urlencoded, xrefs: 010EB7DC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
• API ID: __aulldiv
• String ID: Content-Type: application/x-www-form-urlencoded$yE
• API String ID: 3732870572-2809620063
• Opcode ID: caa8d01d86de9aae0e2a821e8bdb2c0332328bb00a8832b9c7b0de8bb386003e
• Instruction ID: b3545657d62fd996b95c4e59da25f9afb7328ef5260d5507b23325bf0165e498
• Opcode Fuzzy Hash: caa8d01d86de9aae0e2a821e8bdb2c0332328bb00a8832b9c7b0de8bb386003e
• Instruction Fuzzy Hash: 2B9148B1E002189FDB18DFA9D844BDEBBF1BF88304F1481A9E449A7385DB345A84CF91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 62 10e38d0-10e38da 63 10e38dc-10e38e8 62->63 64 10e3908-10e390a 62->64 65 10e38eb-10e38fb 63->65 66 10e394c-10e394f 64->66 65->65 67 10e38fd-10e3906 65->67 67->64 68 10e390c-10e391d GetFileAttributesA 67->68 69 10e391f-10e392c GetLastError 68->69 70 10e394a 68->70 71 10e392e-10e3932 69->71 72 10e3940-10e3942 69->72 70->66 71->72 73 10e3934-10e3938 71->73 72->66 73->72 74 10e393a-10e393e 73->74 74->72 75 10e3946-10e3948 74->75 75->66
C-Code - Quality: 100%
E010E38D0(CHAR* _a4) {
    char _v5;
    intOrPtr* _v12;
    long _v16;
    intOrPtr _v20;
    intOrPtr _v24;
    long _v28;
    long _t25;
    intOrPtr _t33;

    if(_a4 == 0) {
        L4:
        return 0;
    }
    _v12 = _a4;
    _v20 = _v12 + 1;
    do {
        _v5 =  *_v12;
        _v12 = _v12 + 1;
    } while (_v5 != 0);
    _t33 = _v12 - _v20;
    _v24 = _t33;
    if(_t33 != 0) {
        _t25 = GetFileAttributesA(_a4); // executed
        _v28 = _t25;
        if(_v28 != 0xffffffff) {
            return 1;
        }
        _v16 = GetLastError();
        if(_v16 == 0x44 || _v16 == 0x20 || _v16 == 0x45 || _v16 == 0x24) {
            return 1;
        } else {
            return 0;
        }
    }
    goto L4;
}

APIs
• GetFileAttributesA.KERNEL32(00000001), ref: 010E3910
• GetLastError.KERNEL32 ref: 010E391F
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AttributesErrorFileLast
• String ID: $
• API String ID: 1799206407-3993045852
• Opcode ID: a8efb59ac5cae3318713dbac4621e9c3e4d7c6719eedd365b446346a5662979c
• Instruction ID: f7baca8dfc4927fb41dee4ef46d6653fd5b2a32ea64b0a347948d7ad673f9f77
• Opcode Fuzzy Hash: a8efb59ac5cae3318713dbac4621e9c3e4d7c6719eedd365b446346a5662979c
• Instruction Fuzzy Hash: 5111D374D04308EFCF699FAAC4886ADBFF0BB06625F0081D9D5A56B345C3355682DF91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 67%
E01112E30(void* __ebx, intOrPtr __ecx, char* __edx, void* __edi, void* __esi, intOrPtr _a4) {
    char _v8;
    char _v16;
    signed int _v20;
    char _v44;
    unsigned int _v48;
    void* _v49;
    signed int _v50;
    void* _v56;
    signed int _v60;
    intOrPtr* _v64;
    short _v66;
    intOrPtr _v72;
    signed int _v76;
    intOrPtr _v80;
    signed int _v84;
    intOrPtr _v88;
    signed int _v92;
    signed int _v96;
    signed int _v100;
    signed int _v104;
    intOrPtr _v108;
    signed int _t81;
    signed int _t82;
    long _t87;
    intOrPtr _t89;
    signed int _t98;
    signed int _t107;
    signed int _t109;
    void* _t114;
    intOrPtr _t116;
    signed int _t119;
    intOrPtr _t129;
    intOrPtr _t143;
    void* _t152;
    void* _t153;
    signed int _t154;

    _t153 = __esi;
    _t152 = __edi;
    _t142 = __edx;
    _t114 = __ebx;
    _push(0xffffffff);
    _push(0x113661d);
    _push( *[fs:0x0]);
    _t81 =  *0x1142008; // 0x90716b2b
    _t82 = _t81 ^ _t154;
    _v20 = _t82;
    _push(_t82);
     *[fs:0x0] =  &_v16;
    _v72 = __ecx;
    _v60 = 0;
    if( *((intOrPtr*)(_v72 + 8)) != 0) {
        _v48 = 0;
        _t143 =  *0x11435a8; // 0x6f27fd20
        _v80 = _t143;
        _t116 = _v72;
        _t142 =  *((intOrPtr*)(_t116 + 8));
        _v80( *((intOrPtr*)(_t116 + 8)), 0x16, 0, 0,  &_v48, 0);
        _t87 = GetLastError();
        __eflags = _t87 - 0x7a;
        if(_t87 != 0x7a) {
            E010F6570(_a4, L"-1L");
            _t119 = _v60 | 0x00000001;
            __eflags = _t119;
            _v60 = _t119;
            _t89 = _a4;
        } else {
            E010F6570( &_v44, L"-2L");
            _v8 = 0;
            _v84 = E0111C782((_v48 >> 1) * 2 >> 0x20, __eflags);
            _v56 = _v84;
            _t129 =  *0x11435a8; // 0x6f27fd20
            _v88 = _t129;
            _t98 = _v88( *((intOrPtr*)(_v72 + 8)), 0x16, 0, _v56,  &_v48, 0,  ~(0 | __eflags > 0x00000000) | (_v48 >> 0x00000001) * 0x00000002);
            __eflags = _t98;
            if(_t98 == 0) {
                _v49 = 0;
            } else {
                _v49 = 1;
            }
            _v50 = _v49;
            __eflags = _v50 & 0x000000ff;
            if((_v50 & 0x000000ff) != 0) {
                _v64 = _v56;
                _t107 = _v64 + 2;
                __eflags = _t107;
                _v92 = _t107;
                do {
                    _v66 =  *_v64;
                    _v64 = _v64 + 2;
                    __eflags = _v66;
                } while (_v66 != 0);
                                                                                                                                                              							_t109 = _v64 - _v92;
                                                                                                                                                              							__eflags = _t109;
                                                                                                                                                              							_v96 = _t109 >> 1;
                                                                                                                                                              							_v100 = _v96;
                                                                                                                                                              							_v104 = _v100;
                                                                                                                                                              							E010F7950(_t114,  &_v44, _t152, _t153, _v56, _v104); // executed
                                                                                                                                                              						}
                                                                                                                                                              						_v76 = _v56;
                                                                                                                                                              						L0111C7AE(_v76);
                                                                                                                                                              						__eflags = _v76;
                                                                                                                                                              						if(_v76 != 0) {
                                                                                                                                                              							_v56 = 0x8123;
                                                                                                                                                              							_v108 = _v56;
                                                                                                                                                              						} else {
                                                                                                                                                              							_v108 = 0;
                                                                                                                                                              						}
                                                                                                                                                              						_t142 =  &_v44;
                                                                                                                                                              						E01113320(_a4,  &_v44);
                                                                                                                                                              						_v60 = _v60 | 0x00000001;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E010F7810( &_v44);
                                                                                                                                                              						_t89 = _a4;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					E010F6570(_a4, 0x113d11c);
                                                                                                                                                              					_v60 = _v60 | 0x00000001;
                                                                                                                                                              					_t89 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0111C2E8(_t89, _t114, _v20 ^ _t154, _t142, _t152, _t153);
                                                                                                                                                              			}
Instruction addresses (decompiler line gutter): this function body spans 0x01112e30 through 0x0111300b.

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                              • String ID: -1L$-2L
                                                                                                                                                              • API String ID: 1452528299-3975959154
                                                                                                                                                              • Opcode ID: a7737f3f4c1ad3b9855757d3faed4e50c2f3155339c7433d7bfd1888fc590906
                                                                                                                                                              • Instruction ID: 676875c8f52b301b9ab8406e20cb5ed42a67824971b4201f37b430dd318a0b90
                                                                                                                                                              • Opcode Fuzzy Hash: a7737f3f4c1ad3b9855757d3faed4e50c2f3155339c7433d7bfd1888fc590906
                                                                                                                                                              • Instruction Fuzzy Hash: 325116B0E00248AFDB18DF98D985BEDFBB1FF48710F208129E516AB384DB74A945CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 100%
			E01125B34(int _a4) {
				void* _t8;   // register-passed values the decompiler could not resolve; shown uninitialized
				void* _t10;

				// Internal routines E01125B65 and E01125B87 are not named by the decompiler.
				if(E01125B65(_t8, _t10) != 0) {
					// TerminateProcess does not return, so the two calls below run only when E01125B65 returns 0.
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E01125B87(_a4);
				ExitProcess(_a4);   // _a4 is the process exit code
			}
Instruction addresses (decompiler line gutter): this function body spans 0x01125b40 through 0x01125b5e.

                                                                                                                                                              APIs
                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,01125B2E,00000000,0111F731,?,?,90716B2B,0111F731,?), ref: 01125B45
                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,01125B2E,00000000,0111F731,?,?,90716B2B,0111F731,?), ref: 01125B4C
                                                                                                                                                              • ExitProcess.KERNEL32 ref: 01125B5E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                              • Opcode ID: 2956a86e693d9b6c1649f5fa30d83e1acde8838e39740b59e885c64f8dfc1c94
                                                                                                                                                              • Instruction ID: 563ff1d2f875c12d71a28e20b62e242c36480a22ffccc8cd6a9d77dfeab959f7
                                                                                                                                                              • Opcode Fuzzy Hash: 2956a86e693d9b6c1649f5fa30d83e1acde8838e39740b59e885c64f8dfc1c94
                                                                                                                                                              • Instruction Fuzzy Hash: AFD09EB1000115AFDF693F64DC4C9897F67AF453557448020FA194A0A8CB329DA1DF50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 118 112a150-112a16f 119 112a175-112a177 118->119 120 112a349 118->120 121 112a1a3-112a1c9 119->121 122 112a179-112a198 call 111f8b1 119->122 123 112a34b-112a34f 120->123 125 112a1cb-112a1cd 121->125 126 112a1cf-112a1d5 121->126 129 112a19b-112a19e 122->129 125->126 128 112a1d7-112a1e1 125->128 126->122 126->128 130 112a1e3-112a1ee call 112fc0b 128->130 131 112a1f1-112a1fc call 1129c9d 128->131 129->123 130->131 136 112a23e-112a250 131->136 137 112a1fe-112a203 131->137 140 112a252-112a258 136->140 141 112a2a1-112a2c1 WriteFile 136->141 138 112a205-112a209 137->138 139 112a228-112a23c call 1129863 137->139 142 112a311-112a323 138->142 143 112a20f-112a21e call 1129c35 138->143 161 112a221-112a223 139->161 147 112a25a-112a25d 140->147 148 112a28f-112a29f call 1129d1b 140->148 145 112a2c3-112a2c9 GetLastError 141->145 146 112a2cc 141->146 149 112a325-112a32b 142->149 150 112a32d-112a33f 142->150 143->161 145->146 154 112a2cf-112a2da 146->154 155 112a25f-112a262 147->155 156 112a27d-112a28d call 1129edf 147->156 166 112a278-112a27b 148->166 149->120 149->150 150->129 162 112a344-112a347 154->162 163 112a2dc-112a2e1 154->163 155->142 157 112a268-112a273 call 1129df6 155->157 156->166 157->166 161->154 162->123 167 112a2e3-112a2e8 163->167 168 112a30f 163->168 166->161 169 112a301-112a30a call 1123865 167->169 170 112a2ea-112a2fc 167->170 168->142 169->129 170->129
                                                                                                                                                              C-Code - Quality: 93%
E0112A150(signed int _a4, void* _a8, signed int _a12, intOrPtr _a16) {
	void* _v5;
	void* _v12;
	long _v16;
	signed int _v20;
	signed int _v24;
	intOrPtr _v28;
	signed int _v32;
	signed int _v36;
	long _v44;
	char _v48;
	intOrPtr _v52;
	void* __edi;
	void* __esi;
	void* __ebp;
	void* _t78;
	intOrPtr _t82;
	char _t83;
	signed char _t85;
	signed int _t87;
	signed int _t90;
	signed int _t92;
	signed int _t95;
	signed int _t96;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	intOrPtr _t113;
	signed int _t114;
	intOrPtr _t117;
	signed int _t119;
	struct _OVERLAPPED* _t120;
	signed int _t123;
	signed int _t124;
	signed int _t127;
	struct _OVERLAPPED* _t129;
	void* _t132;

	_t114 = _a12;
	_t78 = _a8;
	_v12 = _t78;
	_v16 = _t114;
	_t113 = _a16;
	_t124 = _a4;
	if(_t114 == 0) {
		L36:
		__eflags = 0;
		return 0;
	}
	if(_t78 != 0) {
		_t127 = _t124 >> 6;
		_t123 = (_t124 & 0x0000003f) * 0x38;
		_v20 = _t127;
		_t82 =  *((intOrPtr*)(0x11431b8 + _t127 * 4));
		_v52 = _t82;
		_v24 = _t123;
		_t83 =  *((intOrPtr*)(_t123 + _t82 + 0x29));
		_v5 = _t83;
		__eflags = _t83 - 2;
		if(_t83 == 2) {
			L6:
			_t85 =  !_t114;
			__eflags = _t85 & 0x00000001;
			if((_t85 & 0x00000001) == 0) {
				goto L2;
			}
			L7:
			_t129 = 0;
			__eflags =  *(_t123 + _v52 + 0x28) & 0x00000020;
			if(__eflags != 0) {
				E0112FC0B(_t124, 0, 0, 2, _t113);
				_t132 = _t132 + 0x14;
			}
			_t90 = E01129C9D(_t114, _t123, __eflags, _t124, _t113);
			__eflags = _t90;
			if(_t90 == 0) {
				_t117 =  *((intOrPtr*)(0x11431b8 + _v20 * 4));
				_t92 = _v24;
				__eflags =  *((char*)(_t92 + _t117 + 0x28));
				if( *((char*)(_t92 + _t117 + 0x28)) >= 0) {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t95 = WriteFile( *(_t92 + _t117 + 0x18), _v12, _v16,  &_v44, _t129); // executed
					__eflags = _t95;
					if(_t95 == 0) {
						_v48 = GetLastError();
					}
					goto L26;
				}
				_t101 = _v5 - _t129;
				__eflags = _t101;
				if(_t101 == 0) {
					E01129D1B( &_v48, _t124, _v12, _v16);
					L20:
					goto L13;
				}
				_t104 = _t101 - 1;
				__eflags = _t104;
				if(_t104 == 0) {
					_t103 = E01129EDF( &_v48, _t124, _v12, _v16);
					goto L20;
				}
				__eflags = _t104 != 1;
				if(_t104 != 1) {
					goto L32;
				}
				_t103 = E01129DF6( &_v48, _t124, _v12, _v16);
				goto L20;
			} else {
				_t108 = _v5;
				__eflags = _t108;
				if(_t108 == 0) {
					_t103 = E01129863( &_v48, _t124, _v12, _v16, _t113);
					L13:
					L26:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t96 = _v32;
					__eflags = _t96;
					if(_t96 != 0) {
						return _t96 - _v28;
					}
					_t87 = _v36;
					__eflags = _t87;
					if(_t87 == 0) {
						_t129 = 0;
						__eflags = 0;
						L32:
						_t119 = _v24;
						_t87 =  *(0x11431b8 + _v20 * 4);
						__eflags =  *(_t119 + _t87 + 0x28) & 0x00000040;
						if(( *(_t119 + _t87 + 0x28) & 0x00000040) == 0) {
							L34:
							 *((char*)(_t113 + 0x1c)) = 1;
							 *((intOrPtr*)(_t113 + 0x18)) = 0x1c;
							 *((char*)(_t113 + 0x24)) = 1;
							 *(_t113 + 0x20) = _t129;
							L3:
							return _t87 | 0xffffffff;
						}
						_t87 = _v12;
						__eflags =  *_t87 - 0x1a;
						if( *_t87 == 0x1a) {
							goto L36;
						}
						goto L34;
					}
					_t120 = 5;
					__eflags = _t87 - _t120;
					if(_t87 != _t120) {
						_t87 = E01123865(_t87, _t113);
					} else {
						 *((char*)(_t113 + 0x1c)) = 1;
						 *((intOrPtr*)(_t113 + 0x18)) = 9;
						 *((char*)(_t113 + 0x24)) = 1;
						 *(_t113 + 0x20) = _t120;
					}
					goto L3;
				}
				__eflags = _t108 - 1 - 1;
				if(_t108 - 1 > 1) {
                                                                                                                                                              								goto L32;
                                                                                                                                                              							}
                                                                                                                                                              							E01129C35( &_v48, _v12, _v16);
                                                                                                                                                              							goto L13;
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					__eflags = _t83 - 1;
                                                                                                                                                              					if(_t83 != 1) {
                                                                                                                                                              						goto L7;
                                                                                                                                                              					}
                                                                                                                                                              					goto L6;
                                                                                                                                                              				}
                                                                                                                                                              				L2:
                                                                                                                                                              				 *((char*)(_t113 + 0x24)) = 1;
                                                                                                                                                              				 *(_t113 + 0x20) = 0;
                                                                                                                                                              				 *((char*)(_t113 + 0x1c)) = 1;
                                                                                                                                                              				 *((intOrPtr*)(_t113 + 0x18)) = 0x16;
                                                                                                                                                              				_t87 = E0111F8B1(_t124, _t127, 0, 0, 0, 0, 0, _t113);
                                                                                                                                                              				goto L3;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 01129863: GetConsoleOutputCP.KERNEL32(90716B2B,?,00000000,?), ref: 011298C6
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000,?,?,01127F2D,?), ref: 0112A2B9
                                                                                                                                                              • GetLastError.KERNEL32(?,?,01127F2D,?,01127DBC,00000000,?,00000000,01127DBC,?,?,?,01140E80,0000002C,01127E2D,?), ref: 0112A2C3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                                              • Opcode ID: 3a77c4aba8a8c68828ee9011c58a042f6756c5d5219c1ff97a4c0f81ee4b136d
                                                                                                                                                              • Instruction ID: d98e78b2c940c30833c4b0100c8d3609161c7f1fd8d2f3460b51139a03ebd16e
                                                                                                                                                              • Opcode Fuzzy Hash: 3a77c4aba8a8c68828ee9011c58a042f6756c5d5219c1ff97a4c0f81ee4b136d
                                                                                                                                                              • Instruction Fuzzy Hash: EC61B375D0426AAFDF1DCFACD884AEEBFB9AF0A318F040055E910A7242D371D965CB61
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 173 1127a11-1127a1a 174 1127a49-1127a4a 173->174 175 1127a1c-1127a2f RtlFreeHeap 173->175 175->174 176 1127a31-1127a48 GetLastError call 11237ff call 112389c 175->176 176->174
C-Code - Quality: 100%
// Editor note: shape of a CRT free() wrapper; the process heap handle is read from the global at 0x1143540
// and a failed RtlFreeHeap maps GetLastError() to an errno value stored through E0112389C().
E01127A11(void* _a4) {
    char _t3;
    intOrPtr _t5;
    intOrPtr* _t6;

    if(_a4 != 0) {
        _t3 = RtlFreeHeap( *0x1143540, 0, _a4); // executed
        if(_t3 == 0) {
            _t5 = E011237FF(GetLastError());
            _t6 = E0112389C();
             *_t6 = _t5;
            return _t6;
        }
    }
    return _t3;
}
Instruction addresses per C-code line (table column spilled by extraction): 0x01127a1a 0x01127a27 0x01127a2f 0x01127a39 0x01127a41 0x01127a46 0x00000000 0x01127a48 0x01127a2f 0x01127a4a

APIs
• RtlFreeHeap.NTDLL(00000000,00000000,?,0112C306,?,00000000,?,?,0112C32B,?,00000007,?,?,0112C733,?,?), ref: 01127A27
• GetLastError.KERNEL32(?,?,0112C306,?,00000000,?,?,0112C32B,?,00000007,?,?,0112C733,?,?), ref: 01127A32
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: b850c42b21c6d484c08fab5af23761a70429500176ff872d3bf526e95e542e24
• Instruction ID: 0dec0caaecf078fb0fab49e50dd593db1b2de3aaf1dd859abb0a6e70ae275d7c
• Opcode Fuzzy Hash: b850c42b21c6d484c08fab5af23761a70429500176ff872d3bf526e95e542e24
• Instruction Fuzzy Hash: 69E08C76100225ABCB292BE8A808B9A7F68FB15765F180030F628CA1A4DB3585B087C4
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 181 112a679-112a684 182 112a692-112a698 181->182 183 112a686-112a690 181->183 185 112a6b1-112a6c2 RtlAllocateHeap 182->185 186 112a69a-112a69b 182->186 183->182 184 112a6c6-112a6d1 call 112389c 183->184 190 112a6d3-112a6d5 184->190 187 112a6c4 185->187 188 112a69d-112a6a4 call 1126973 185->188 186->185 187->190 188->184 194 112a6a6-112a6af call 1125777 188->194 194->184 194->185
C-Code - Quality: 100%
// Editor note: shape of a CRT calloc() wrapper: count*size is checked for overflow against 0xffffffe0,
// the block is requested zero-initialised (flag 8 = HEAP_ZERO_MEMORY), and on failure errno is set to 0xc (ENOMEM).
E0112A679(signed int _a4, signed int _a8) {
    void* _t8;
    void* _t12;
    signed int _t13;
    signed int _t18;
    long _t19;

    _t18 = _a4;
    if(_t18 == 0) {
        L2:
        _t19 = _t18 * _a8;
        if(_t19 == 0) {
            _t19 = _t19 + 1;
        }
        while(1) {
            _t8 = RtlAllocateHeap( *0x1143540, 8, _t19); // executed
            if(_t8 != 0) {
                break;
            }
            __eflags = E01126973();
            if(__eflags == 0) {
                L8:
                 *((intOrPtr*)(E0112389C())) = 0xc;
                __eflags = 0;
                return 0;
            }
            _t12 = E01125777(__eflags, _t19);
            __eflags = _t12;
            if(_t12 == 0) {
                goto L8;
            }
        }
        return _t8;
    }
    _t13 = 0xffffffe0;
    if(_t13 / _t18 < _a8) {
        goto L8;
    }
    goto L2;
}
Instruction addresses per C-code line (table column spilled by extraction): 0x0112a67f 0x0112a684 0x0112a692 0x0112a692 0x0112a698 0x0112a69a 0x0112a69a 0x0112a6b1 0x0112a6ba 0x0112a6c2 0x00000000 0x00000000 0x0112a6a2 0x0112a6a4 0x0112a6c6 0x0112a6cb 0x0112a6d1 0x00000000 0x0112a6d1 0x0112a6a7 0x0112a6ad 0x0112a6af 0x00000000 0x00000000 0x0112a6af 0x00000000 0x0112a6b1 0x0112a68a 0x0112a690 0x00000000 0x00000000 0x00000000

APIs
• RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,01127200,00000001,00000364,00000006,000000FF,?,00000000,?,0111F700,00000000,00000000), ref: 0112A6BA
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 68895693bd285d26c419b479cec244ccedfb566700b48470730e18ec5a5599d2
• Instruction ID: 2b3110e857023bdb08806cc392f06df1a8f397bf639a00463dc70facd815a6b0
• Opcode Fuzzy Hash: 68895693bd285d26c419b479cec244ccedfb566700b48470730e18ec5a5599d2
• Instruction Fuzzy Hash: D8F0E035A00631ABAB3D1E25BC0479B7B59AFC1770B058031ED14E7594DB30D43087D5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 197 10e24e0-10e24f5 198 10e24fc-10e2500 call 111c4f3 197->198 199 10e24f7 call 10e1260 197->199 202 10e2505-10e2508 198->202 199->198 203 10e250b-10e250f 202->203 204 10e2513-10e251a call 111f93e 203->204 205 10e2511 203->205 207 10e251c-10e251e 204->207 205->207 207->203 209 10e2520-10e2543 207->209
APIs
• Concurrency::cancel_current_task.LIBCPMTD ref: 010E24F7
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                                              • Opcode ID: 54b69b5414c581cb00c345c70a7ce21ee9c140a2bd3abf435cdeb8e31d6c367a
                                                                                                                                                              • Instruction ID: eb65a8de3538b8e082e2de065e621c740ffaeda7d7758e7f28857503350bfd9b
                                                                                                                                                              • Opcode Fuzzy Hash: 54b69b5414c581cb00c345c70a7ce21ee9c140a2bd3abf435cdeb8e31d6c367a
                                                                                                                                                              • Instruction Fuzzy Hash: 19F019B1E01509AFCF54EBA9C594AADF7F5EF44204F1081A9E8069B344E6309A519B85
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 210 10fb190-10fb1ab 211 10fb1ad call 10e1260 210->211 212 10fb1b2-10fb1c1 210->212 211->212 214 10fb1d4-10fb1d8 212->214 215 10fb1c3-10fb1d2 call 10e24e0 212->215 217 10fb1eb 214->217 218 10fb1da-10fb1de call 111c4f3 214->218 221 10fb1f2-10fb1f8 215->221 217->221 222 10fb1e3-10fb1e9 218->222 222->221
C-Code - Quality: 67%
/* Joe Sandbox decompilation, with the report's per-line offsets folded in as trailing
   comments. The shape is inferred, not recovered symbols: the count > 0xFFFFFFFF/2 check,
   the count*2 byte size and the 0x1000 split match the MSVC STL std::allocator<T>::allocate
   idiom for a 2-byte element type, with E010E24E0 in the large-allocation slot and
   E0111C4F3 in the operator new slot. The dead locals (_v5, _v24) and the LIBCPMTD
   reference are consistent with an unoptimized debug STL build. */
E010FB190(void* __ebx, intOrPtr __ecx, signed int _a4) {
	char _v5;
	signed int _v12;
	intOrPtr _v16;
	intOrPtr _v20;
	intOrPtr _v24;
	intOrPtr _t18;
	void* _t21;

	_t21 = __ebx;                                   // 0x010fb190
	_v20 = __ecx;                                   // 0x010fb196
	_v5 = 1;                                        // 0x010fb199
	_v24 = 0x7fffffff;                              // 0x010fb19d
	if(_a4 > 0x7fffffff) {                          // 0x010fb1ab  element count exceeds SIZE_MAX / 2 on 32-bit
		E010E1260();                                // 0x010fb1ad  noreturn; the report labels it Concurrency::cancel_current_task
	}                                               // 0x010fb1ad
	_v12 = _a4 << 1;                                // 0x010fb1b7  byte size = count * 2
	if(_v12 < 0x1000) {                             // 0x010fb1c1  request below 4 KiB
		__eflags = _v12;                            // 0x010fb1d4
		if(__eflags == 0) {                         // 0x010fb1d8
			_v16 = 0;                               // 0x010fb1eb  zero-byte request returns NULL
		} else {                                    // 0x010fb1da
			_push(_v12); // executed                // 0x010fb1dd
			_t18 = E0111C4F3(_v12, __eflags); // executed   // 0x010fb1de  the return address 0111C50D in the RtlAllocateHeap stack trace under E01127F6A lies inside this callee
			_v16 = _t18;                            // 0x010fb1e6
		}                                           // 0x010fb1e6
	} else {                                        // 0x010fb1c3
		_v16 = E010E24E0(_t21, _v12);               // 0x010fb1cf  large-request path
	}                                               // 0x010fb1cf
	return _v16;                                    // 0x010fb1f8
}

APIs
• Concurrency::cancel_current_task.LIBCPMTD ref: 010FB1AD
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
• Opcode ID: 8e6fc79a48be0d83226385d352d55510f62dee121f625d989952545329975616
• Instruction ID: 3936cb23de6b645040ce5c62f03131e57edcf89778933f42d40ea00c31dc1ef7
• Opcode Fuzzy Hash: 8e6fc79a48be0d83226385d352d55510f62dee121f625d989952545329975616
• Instruction Fuzzy Hash: EFF0AFB0C0424CEFDF10EFA9C4452EEBBB4BB14344F1082ADD9612A280D7759284CF92
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (blocks and edges; executed/not-executed highlighting is not preserved in text)
• Blocks: 223 1127f6a-1127f76; 224 1127fa8-1127fb3 (call 112389c); 225 1127f78-1127f7a; 226 1127f93-1127fa4 (RtlAllocateHeap); 227 1127f7c-1127f7d; 229 1127fa6; 230 1127f7f-1127f86 (call 1126973); 233 1127fb5-1127fb7; 235 1127f88-1127f91 (call 1125777)
• Edges: 223->224, 223->225, 224->233, 225->226, 225->227, 226->229, 226->230, 227->226, 229->233, 230->224, 230->235, 235->224, 235->226
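The control_flow_graph lines on this page are Joe Sandbox's text export of each function's basic blocks and edges. The following is an added example, not Joe Sandbox code and not code from the sample: a parser that turns that export into block and edge lists, separates resolved imports (RtlAllocateHeap) from internal call targets, and finds back edges, which is how the RtlAllocateHeap retry loop in E01127F6A shows up without reading the decompilation. The token grammar it assumes (a block is `<id> <start>[-<end>]` optionally followed by `call <hex_target>` or a bare API name; an edge is `<from>-><to>`) is inferred from the three graphs on this page, not documented by the vendor; the three graph strings are copied from the report.

```python
"""Parse Joe Sandbox 'control_flow_graph' text exports into blocks and edges.

Added example for reading this report, not Joe Sandbox or sample code.
Assumed grammar (inferred from the three graphs on this page, not vendor
documented): a block is '<id> <start>[-<end>]' optionally followed by
'call <hex_target>' or a bare API name; an edge is '<from>-><to>'.
"""
import re
from collections import defaultdict

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Graph text copied from the report (functions E010E24E0, E010FB190, E01127F6A).
CFG_E010E24E0 = (
    "197 10e24e0-10e24f5 198 10e24fc-10e2500 call 111c4f3 197->198 199 10e24f7 call 10e1260 "
    "197->199 202 10e2505-10e2508 198->202 199->198 203 10e250b-10e250f 202->203 "
    "204 10e2513-10e251a call 111f93e 203->204 205 10e2511 203->205 207 10e251c-10e251e "
    "204->207 205->207 207->203 209 10e2520-10e2543 207->209"
)
CFG_E010FB190 = (
    "210 10fb190-10fb1ab 211 10fb1ad call 10e1260 210->211 212 10fb1b2-10fb1c1 210->212 "
    "211->212 214 10fb1d4-10fb1d8 212->214 215 10fb1c3-10fb1d2 call 10e24e0 212->215 "
    "217 10fb1eb 214->217 218 10fb1da-10fb1de call 111c4f3 214->218 221 10fb1f2-10fb1f8 "
    "215->221 217->221 222 10fb1e3-10fb1e9 218->222 222->221"
)
CFG_E01127F6A = (
    "223 1127f6a-1127f76 224 1127fa8-1127fb3 call 112389c 223->224 225 1127f78-1127f7a "
    "223->225 233 1127fb5-1127fb7 224->233 226 1127f93-1127fa4 RtlAllocateHeap 225->226 "
    "227 1127f7c-1127f7d 225->227 229 1127fa6 226->229 230 1127f7f-1127f86 call 1126973 "
    "226->230 227->226 229->233 230->224 235 1127f88-1127f91 call 1125777 230->235 "
    "235->224 235->226"
)


def parse_cfg(text):
    """Return ({block_id: {"start", "end", "calls"}}, [(from_id, to_id), ...])."""
    tokens = text.split()
    blocks, edges = {}, []
    i = 0
    while i < len(tokens):
        m = EDGE_RE.match(tokens[i])
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        if not tokens[i].isdigit():
            raise ValueError(f"unexpected token {tokens[i]!r} at position {i}")
        block_id = int(tokens[i])
        start, _, end = tokens[i + 1].partition("-")
        block = {"start": int(start, 16), "end": int(end or start, 16), "calls": []}
        i += 2
        # Call annotations follow the range until the next edge or the next block id.
        while i < len(tokens) and not EDGE_RE.match(tokens[i]) and not tokens[i].isdigit():
            if tokens[i] == "call":
                block["calls"].append(tokens[i + 1])
                i += 2
            else:
                block["calls"].append(tokens[i])
                i += 1
        blocks[block_id] = block
    return blocks, edges


def external_calls(blocks):
    """Call targets that are names rather than hex addresses, i.e. resolved imports."""
    return {c for b in blocks.values() for c in b["calls"] if not HEX_RE.match(c)}


def back_edges(blocks, edges):
    """DFS from the lowest-address block; an edge into a block still on the DFS
    stack closes a loop (e.g. the RtlAllocateHeap retry loop in E01127F6A)."""
    succ = defaultdict(list)
    for a, b in edges:
        succ[a].append(b)
    entry = min(blocks, key=lambda bid: blocks[bid]["start"])
    on_stack, done, found = set(), set(), []

    def visit(n):
        on_stack.add(n)
        for s in succ[n]:
            if s in on_stack:
                found.append((n, s))
            elif s not in done:
                visit(s)
        on_stack.discard(n)
        done.add(n)

    visit(entry)
    return found


def summarize(text):
    blocks, edges = parse_cfg(text)
    return {
        "blocks": len(blocks),
        "edges": len(edges),
        "imports": sorted(external_calls(blocks)),
        "loops": back_edges(blocks, edges),
    }


if __name__ == "__main__":
    for name, cfg in (("E010E24E0", CFG_E010E24E0), ("E010FB190", CFG_E010FB190),
                      ("E01127F6A", CFG_E01127F6A)):
        print(name, summarize(cfg))
```

Run stand-alone it prints one summary per function; E01127F6A is the only one of the three with an import (RtlAllocateHeap) and a loop (235->226, the retry after a failed allocation), which is the signature of a CRT malloc wrapper rather than sample-specific logic.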
C-Code - Quality: 100%
/* Joe Sandbox decompilation, with the report's per-line offsets folded in as trailing
   comments. This is the MSVC UCRT _malloc_base idiom: reject requests above _HEAP_MAXREQ
   (0xFFFFFFE0) with errno = ENOMEM (0xC), round a zero-byte request up to one byte, then
   retry RtlAllocateHeap on the heap handle stored at 0x1143540 for as long as the
   new-handler path reports progress. E0112389C returns the errno location, E01126973 sits
   in the _query_new_mode slot and E01125777 in the _callnewh slot; these slot names are
   inferred from the pattern, not recovered symbols. */
E01127F6A(long _a4) {
	void* _t4;
	void* _t6;
	long _t8;

	_t8 = _a4;                                      // 0x01127f70
	if(_t8 > 0xffffffe0) {                          // 0x01127f76  request above _HEAP_MAXREQ
		L7:                                         // 0x01127fa8
		 *((intOrPtr*)(E0112389C())) = 0xc;         // 0x01127fad  errno = ENOMEM
		__eflags = 0;                               // 0x01127fb3
		return 0;
	}                                               // 0x01127fb3
	if(_t8 == 0) {                                  // 0x01127f7a
		_t8 = _t8 + 1;                              // 0x01127f7c  malloc(0) still returns a distinct block
	}                                               // 0x01127f7c
	while(1) {                                      // 0x01127f93
		_t4 = RtlAllocateHeap( *0x1143540, 0, _t8); // executed   // 0x01127f9c
		if(_t4 != 0) {                              // 0x01127fa4
			break;
		}
		__eflags = E01126973();                     // 0x01127f84  new-handler mode enabled for malloc?
		if(__eflags == 0) {                         // 0x01127f86
			goto L7;
		}
		_t6 = E01125777(__eflags, _t8);             // 0x01127f89  invoke the new handler; 0 means give up
		__eflags = _t6;                             // 0x01127f8f
		if(_t6 == 0) {                              // 0x01127f91
			goto L7;
		}
	}                                               // 0x01127f91
	return _t4;
}

APIs
• RtlAllocateHeap.NTDLL(00000000,010E231C,?,?,0111C50D,010E231C,?,010E231C,00000000,?,?,90716B2B), ref: 01127F9C
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: a7224308551cc2f540149ceec402c987cbceb51a1850ee88082cecf7416e3093
• Instruction ID: d6b1d7fad56baefa7d17984c9a8879f885c864d27d4a8a60b42e7704b9035ead
• Opcode Fuzzy Hash: a7224308551cc2f540149ceec402c987cbceb51a1850ee88082cecf7416e3093
                                                                                                                                                              • Instruction Fuzzy Hash: BBE0653524C1319EEB3E26699C04F9B7A599F716A2F150130ED34971C0DBA4C83082E7
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E0110F790(void* __edx, void* __edi, void* __esi) {
                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				char _v276;
                                                                                                                                                              				intOrPtr _v288;
                                                                                                                                                              				intOrPtr _v292;
                                                                                                                                                              				intOrPtr _v296;
                                                                                                                                                              				intOrPtr _v300;
                                                                                                                                                              				intOrPtr _v304;
                                                                                                                                                              				intOrPtr _v308;
                                                                                                                                                              				intOrPtr _v312;
                                                                                                                                                              				intOrPtr _v316;
                                                                                                                                                              				intOrPtr _v320;
                                                                                                                                                              				intOrPtr _v324;
                                                                                                                                                              				intOrPtr _v328;
                                                                                                                                                              				intOrPtr _v332;
                                                                                                                                                              				signed int _v336;
                                                                                                                                                              				CHAR* _v340;
                                                                                                                                                              				char _v341;
                                                                                                                                                              				char _v342;
                                                                                                                                                              				char _v343;
                                                                                                                                                              				char _v344;
                                                                                                                                                              				char _v345;
                                                                                                                                                              				char _v346;
                                                                                                                                                              				char _v347;
                                                                                                                                                              				char _v348;
                                                                                                                                                              				char _v349;
                                                                                                                                                              				char _v350;
                                                                                                                                                              				char _v351;
                                                                                                                                                              				char _v352;
                                                                                                                                                              				char _v353;
                                                                                                                                                              				char _v354;
                                                                                                                                                              				signed int _v360;
                                                                                                                                                              				char* _v364;
                                                                                                                                                              				CHAR* _v368;
                                                                                                                                                              				intOrPtr* _v372;
                                                                                                                                                              				CHAR* _v376;
                                                                                                                                                              				signed short _v380;
                                                                                                                                                              				struct HINSTANCE__* _v384;
                                                                                                                                                              				signed int _v388;
                                                                                                                                                              				char _v392;
                                                                                                                                                              				char _v396;
                                                                                                                                                              				char _v400;
                                                                                                                                                              				char _v404;
                                                                                                                                                              				char _v408;
                                                                                                                                                              				char _v412;
                                                                                                                                                              				char _v416;
                                                                                                                                                              				char _v420;
                                                                                                                                                              				char* _v424;
                                                                                                                                                              				CHAR* _v428;
                                                                                                                                                              				char* _v432;
                                                                                                                                                              				char _v436;
                                                                                                                                                              				char _v440;
                                                                                                                                                              				char _v444;
                                                                                                                                                              				char _v448;
                                                                                                                                                              				signed short* _v452;
                                                                                                                                                              				signed int _v456;
                                                                                                                                                              				signed int _v460;
                                                                                                                                                              				intOrPtr _v464;
                                                                                                                                                              				intOrPtr _v468;
                                                                                                                                                              				intOrPtr _v472;
                                                                                                                                                              				signed int _v476;
                                                                                                                                                              				intOrPtr _v480;
                                                                                                                                                              				intOrPtr _v484;
                                                                                                                                                              				CHAR* _v488;
                                                                                                                                                              				intOrPtr _v492;
                                                                                                                                                              				intOrPtr _v496;
                                                                                                                                                              				intOrPtr _v504;
                                                                                                                                                              				char _v508;
                                                                                                                                                              				intOrPtr _v512;
                                                                                                                                                              				intOrPtr _v516;
                                                                                                                                                              				intOrPtr _v520;
                                                                                                                                                              				char _v524;
                                                                                                                                                              				intOrPtr _v528;
                                                                                                                                                              				char _v532;
                                                                                                                                                              				intOrPtr _v536;
                                                                                                                                                              				intOrPtr _v540;
                                                                                                                                                              				intOrPtr _v544;
                                                                                                                                                              				intOrPtr _v548;
                                                                                                                                                              				intOrPtr _v560;
                                                                                                                                                              				intOrPtr _v564;
                                                                                                                                                              				intOrPtr _v568;
                                                                                                                                                              				char _v572;
                                                                                                                                                              				intOrPtr _v576;
                                                                                                                                                              				intOrPtr _v580;
                                                                                                                                                              				intOrPtr _v584;
                                                                                                                                                              				char _v588;
                                                                                                                                                              				intOrPtr _v592;
                                                                                                                                                              				intOrPtr _v596;
                                                                                                                                                              				intOrPtr _v600;
                                                                                                                                                              				char _v604;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				signed int _t247;
                                                                                                                                                              				char _t257;
                                                                                                                                                              				signed int _t266;
                                                                                                                                                              				void* _t313;
                                                                                                                                                              				char _t331;
                                                                                                                                                              				char _t362;
                                                                                                                                                              				void* _t415;
                                                                                                                                                              				void* _t416;
                                                                                                                                                              				void* _t421;
                                                                                                                                                              				signed int _t424;
                                                                                                                                                              
                                                                                                                                                              				_t416 = __esi;
                                                                                                                                                              				_t415 = __edi;
                                                                                                                                                              				_t313 = _t421;
                                                                                                                                                              				_t424 = (_t421 - 0x00000008 & 0xfffffff0) + 4;
                                                                                                                                                              				_v8 =  *((intOrPtr*)(_t313 + 4));
                                                                                                                                                              				_t419 = _t424;
                                                                                                                                                              				_t247 =  *0x1142008; // 0x90716b2b
                                                                                                                                                              				_v16 = _t247 ^ _t424;
                                                                                                                                                              				_v368 = 0;
                                                                                                                                                              				if( *((intOrPtr*)(_t313 + 8)) != 0) {
                                                                                                                                                              					_v452 =  *((intOrPtr*)(_t313 + 8));
                                                                                                                                                              					if(( *_v452 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                              						_v372 =  *((intOrPtr*)(_t313 + 8)) + _v452[0x1e];
                                                                                                                                                              						_t369 = _v372;
                                                                                                                                                              						if( *_v372 == 0x4550) {
                                                                                                                                                              							if(( *(_v372 + 0x18) & 0x0000ffff) != 0x20b) {
                                                                                                                                                              								_v340 =  *((intOrPtr*)(_v372 + 0x78)) +  *((intOrPtr*)(_t313 + 8));
                                                                                                                                                              								_v464 =  *((intOrPtr*)(_v372 + 0x7c));
                                                                                                                                                              							} else {
                                                                                                                                                              								_v340 =  *((intOrPtr*)(_v372 + 0x88)) +  *((intOrPtr*)(_t313 + 8));
                                                                                                                                                              								_v464 =  *((intOrPtr*)(_v372 + 0x8c));
                                                                                                                                                              							}
                                                                                                                                                              							_v472 =  *((intOrPtr*)(_t313 + 8)) +  *((intOrPtr*)(_v340 + 0x24));
                                                                                                                                                              							_v468 =  *((intOrPtr*)(_t313 + 8)) +  *((intOrPtr*)(_v340 + 0x20));
                                                                                                                                                              							_v480 =  *((intOrPtr*)(_t313 + 8)) +  *((intOrPtr*)(_v340 + 0x1c));
                                                                                                                                                              							_v360 = 0;
                                                                                                                                                              							while(1) {
                                                                                                                                                              								_t369 = _v360;
                                                                                                                                                              								if(_v360 >=  *((intOrPtr*)(_v340 + 0x14))) {
                                                                                                                                                              									break;
                                                                                                                                                              								}
                                                                                                                                                              								_v336 = 0xffff;
                                                                                                                                                              								_v456 = 0;
                                                                                                                                                              								if( *(_t313 + 0xc) > 0xffff) {
                                                                                                                                                              									if( *(_t313 + 0xc) <= 0xffff) {
                                                                                                                                                              										L17:
                                                                                                                                                              										_t257 = 0;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t369 = _v340;
                                                                                                                                                              										if(_v360 >=  *((intOrPtr*)(_v340 + 0x18))) {
                                                                                                                                                              											goto L17;
                                                                                                                                                              										} else {
                                                                                                                                                              											_v456 =  *((intOrPtr*)(_t313 + 8)) +  *((intOrPtr*)(_v468 + _v360 * 4));
                                                                                                                                                              											_v336 =  *((intOrPtr*)(_v472 + _v360 * 2));
                                                                                                                                                              											goto L18;
                                                                                                                                                              										}
									}
								} else {
									_v336 = _v360;
									L18:
									if( *(_t313 + 0xc) > 0xffff || ( *(_t313 + 0xc) & 0x0000ffff) != (_v336 & 0x0000ffff) +  *((intOrPtr*)(_v340 + 0x10))) {
										if( *(_t313 + 0xc) <= 0xffff) {
											L38:
											_v360 = _v360 + 1;
											continue;
										} else {
											_v380 =  *(_t313 + 0xc);
											_v388 = _v456;
											while(1) {
												_t266 = _v388;
												_t331 =  *_t266;
												_v341 = _t331;
												if(_t331 !=  *_v380) {
													break;
												}
												if(_v341 == 0) {
													L26:
													_v460 = 0;
												} else {
													_t266 = _v388;
													_t362 =  *((intOrPtr*)(_t266 + 1));
													_v342 = _t362;
													if(_t362 !=  *((intOrPtr*)(_v380 + 1))) {
														break;
													} else {
														_v388 = _v388 + 2;
														_v380 = _v380 + 2;
														if(_v342 != 0) {
															continue;
														} else {
															goto L26;
														}
													}
												}
												L28:
												_v476 = _v460;
												if(_v476 != 0) {
													goto L38;
												} else {
													goto L29;
												}
												goto L40;
											}
											asm("sbb eax, eax");
											_v460 = _t266 | 0x00000001;
											goto L28;
										}
									} else {
										L29:
										_v368 =  *((intOrPtr*)(_t313 + 8)) +  *((intOrPtr*)(_v480 + (_v336 & 0x0000ffff) * 4));
										_t369 = _v368;
										if(_v368 < _v340 || _v368 > _v340 + _v464) {
											L37:
											break;
										} else {
											_v376 = 0;
											_v364 = 0;
											E0111DBB0(_t415,  &_v276, 0, 0x100);
											_v384 = 0;
											_v376 = E011253F7(_t313, _t415, _v368);
											_v343 = 0;
											_v344 = 0;
											_v345 = 0;
											_v436 = _v343;
											_v440 = _v344;
											_v444 = _v345;
											_v508 = 0x49f5ad09;
											_v504 = 0xb9b7b816;
											_v572 = _v508;
											_v568 = _v504;
											_v516 = 0x52ee2b68;
											_v512 = 0x3e2c95b7;
											_v564 = _v516;
											_v560 = _v512;
											_v424 =  &_v572;
											_v300 = 0x49f5ad27;
											_v296 = 0xb9b7b816;
											_v292 = 0x52ee2b68;
											_v288 = 0x3e2c95b7;
											_v346 = 0;
											_v448 = _v346;
											asm("movaps xmm0, [ebp-0x120]");
											asm("movaps [ebp-0x260], xmm0");
											asm("movups xmm0, [edx]");
											asm("movaps [ebp-0x2e0], xmm0");
											asm("movaps xmm0, [ebp-0x2e0]");
											asm("pxor xmm0, [ebp-0x260]");
											asm("movaps [ebp-0x270], xmm0");
											asm("movaps xmm0, [ebp-0x270]");
											asm("movups [eax], xmm0");
											_v484 = _v424;
											_v364 = E0111D5D0(_v376, _v484);
											 *_v364 = 0;
											_v364 = _v364 + 1;
											lstrcpyA( &_v276, _v376);
											_v347 = 0;
											_v348 = 0;
											_v349 = 0;
											_v392 = _v347;
											_v396 = _v348;
											_v400 = _v349;
											_v524 = 0x2599c909;
											_v520 = 0xb9b7b816;
											_v588 = _v524;
											_v584 = _v520;
											_v548 = 0x52ee2b68;
											_v544 = 0x3e2c95b7;
											_v580 = _v548;
											_v576 = _v544;
											_v428 =  &_v588;
											_v316 = 0x49f5ad27;
											_v312 = 0xb9b7b816;
											_v308 = 0x52ee2b68;
											_v304 = 0x3e2c95b7;
											_v350 = 0;
											_v404 = _v350;
											asm("movaps xmm0, [ebp-0x130]");
											asm("movaps [ebp-0x290], xmm0");
											asm("movups xmm0, [ecx]");
											asm("movaps [ebp-0x280], xmm0");
											asm("movaps xmm0, [ebp-0x280]");
											asm("pxor xmm0, [ebp-0x290]");
											asm("movaps [ebp-0x2a0], xmm0");
											asm("movaps xmm0, [ebp-0x2a0]");
											asm("movups [edx], xmm0");
											_v488 = _v428;
											_t369 =  &_v276;
											lstrcatA( &_v276, _v488);
											_v384 = GetModuleHandleA( &_v276);
											if(_v384 != 0) {
												_v351 = 0;
												_v352 = 0;
												_v353 = 0;
												_v408 = _v351;
												_v412 = _v352;
												_v416 = _v353;
												_v532 = 0x49f5ad04;
												_v528 = 0xb9b7b816;
												_v604 = _v532;
												_v600 = _v528;
												_v540 = 0x52ee2b68;
												_v536 = 0x3e2c95b7;
												_v596 = _v540;
												_v592 = _v536;
												_v432 =  &_v604;
												_v332 = 0x49f5ad27;
												_v328 = 0xb9b7b816;
												_v324 = 0x52ee2b68;
												_v320 = 0x3e2c95b7;
												_v354 = 0;
												_v420 = _v354;
												asm("movaps xmm0, [ebp-0x140]");
												asm("movaps [ebp-0x2c0], xmm0");
												asm("movups xmm0, [ecx]");
												asm("movaps [ebp-0x2b0], xmm0");
												asm("movaps xmm0, [ebp-0x2b0]");
												asm("pxor xmm0, [ebp-0x2c0]");
												asm("movaps [ebp-0x2d0], xmm0");
												asm("movaps xmm0, [ebp-0x2d0]");
												asm("movups [edx], xmm0");
												_v492 = _v432;
												_t405 = _v364;
												if(E0111D5D0(_v364, _v492) != 0) {
													_v496 = E011253B8(_v364 + 1, _t415, _v364 + 1);
													_push(_v496);
													_push(_v384);
													_v368 = E0110F790(_v364 + 1, _t415, _t416);
												} else {
													_push(_v364);
													_push(_v384);
													_v368 = E0110F790(_t405, _t415, _t416);
												}
												_t369 = _v376;
												E0112544B(_v376);
												goto L37;
											} else {
												E0112544B(_v376);
												_t257 = 0;
											}
										}
									}
								}
								goto L40;
							}
							_t257 = _v368;
						} else {
							_t257 = 0;
						}
					} else {
                                                                                                                                                              						_t257 = 0;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					_t257 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				L40:
                                                                                                                                                              				return E0111C2E8(_t257, _t313, _v16 ^ _t419, _t369, _t415, _t416);
                                                                                                                                                              			}
                                                                                                                                                               [Disassembly listing for the function the decompiler names E0110F790 (entry address 0x0110f790): only the address column of this listing survived extraction; the instruction text for each address is not present on the page.]
                                                                                                                                                              0x0110fdc9
                                                                                                                                                              0x0110fdd1
                                                                                                                                                              0x0110fddd
                                                                                                                                                              0x0110fde9
                                                                                                                                                              0x0110fdf5
                                                                                                                                                              0x0110fe00
                                                                                                                                                              0x0110fe0a
                                                                                                                                                              0x0110fe1c
                                                                                                                                                              0x0110fe22
                                                                                                                                                              0x0110fe2d
                                                                                                                                                              0x0110fe37
                                                                                                                                                              0x0110fe49
                                                                                                                                                              0x0110fe4f
                                                                                                                                                              0x0110fe5b
                                                                                                                                                              0x0110fe66
                                                                                                                                                              0x0110fe70
                                                                                                                                                              0x0110fe7b
                                                                                                                                                              0x0110fe85
                                                                                                                                                              0x0110fe8d
                                                                                                                                                              0x0110fe99
                                                                                                                                                              0x0110fe9f
                                                                                                                                                              0x0110fea6
                                                                                                                                                              0x0110feb3
                                                                                                                                                              0x0110feb6
                                                                                                                                                              0x0110febd
                                                                                                                                                              0x0110fec4
                                                                                                                                                              0x0110fecc
                                                                                                                                                              0x0110fed3
                                                                                                                                                              0x0110fee0
                                                                                                                                                              0x0110fee9
                                                                                                                                                              0x0110fef6
                                                                                                                                                              0x0110ff07
                                                                                                                                                              0x0110ff39
                                                                                                                                                              0x0110ff45
                                                                                                                                                              0x0110ff4c
                                                                                                                                                              0x0110ff55
                                                                                                                                                              0x0110ff09
                                                                                                                                                              0x0110ff0f
                                                                                                                                                              0x0110ff16
                                                                                                                                                              0x0110ff1f
                                                                                                                                                              0x0110ff1f
                                                                                                                                                              0x0110ff5b
                                                                                                                                                              0x0110ff62
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0110fda9
                                                                                                                                                              0x0110fdb0
                                                                                                                                                              0x0110fdb8
                                                                                                                                                              0x0110fdb8
                                                                                                                                                              0x0110fda7
                                                                                                                                                              0x0110fa6a
                                                                                                                                                              0x0110f983
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0110f918
                                                                                                                                                              0x0110ff71
                                                                                                                                                              0x0110f80e
                                                                                                                                                              0x0110f80e
                                                                                                                                                              0x0110f80e
                                                                                                                                                              0x0110f7e7
                                                                                                                                                              0x0110f7e7
                                                                                                                                                              0x0110f7e7
                                                                                                                                                              0x0110f7c6
                                                                                                                                                              0x0110f7c6
                                                                                                                                                              0x0110f7c6
                                                                                                                                                              0x0110ff77
                                                                                                                                                              0x0110ff87

Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID:
• String ID: h+R$h+R$h+R$h+R$h+R$h+R
• API String ID: 0-1702798749
• Opcode ID: 55c6530166a2e2533c4679906c3eb10e986cd939d8ed492a11f9f7efc988d5e1
• Instruction ID: 081eb358dcb018888b46ec89b7697eef6ce15a4b3e2ce3ea6b6618e87b88b5c9
• Opcode Fuzzy Hash: 55c6530166a2e2533c4679906c3eb10e986cd939d8ed492a11f9f7efc988d5e1
• Instruction Fuzzy Hash: 3622E174D052A98BDB6ACF28CC85BE9BBB1AF59304F0481D9D84CAB351E7309AC5CF51
Uniqueness
Uniqueness Score: -1.00%
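The .sdmp names in the Memory Dump Source block carry the dumped region's base address together with two fields that line up with Windows memory constants: 0x20 on the code region at 010E1000, 0x02 on the header and read-only regions, 0x04 on the data region (PAGE_EXECUTE_READ, PAGE_READONLY, PAGE_READWRITE) and 0x01000000 on all five (MEM_IMAGE), consistent with "based on PE: true". The parser below is an added example written for this page, not Joe Sandbox tooling; the field meanings are inferred from those five names and labelled as assumptions, the first two fields are treated as the report's process index and dump stage (assumed, not verified), and fields 3, 6 and 8 are kept raw because the page does not give their meaning. The sample input is constructed from the names listed above.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) file names into region base, PAGE_*
protection and MEM_* type, and lay the dumps out as RVAs against the module
base the report gives as "Offset".  Added example for this page; not Joe
Sandbox code.  Field layout assumed from the five names in the report:
  1 process index in the analysis (assumed; not necessarily the Windows PID)
  2 dump stage / round (assumed)
  3 sequence number (meaning not decoded, kept as int)
  4 region base address, 16 hex digits
  5 PAGE_* protection (inferred: 0x20 on code, 0x02/0x04 on rdata/data)
  6 unknown, kept raw
  7 MEM_* region type (inferred: 0x01000000 == MEM_IMAGE)
  8 unknown, kept raw
"""
import re
from dataclasses import dataclass

# winnt.h page-protection constants (low byte) and modifier bits.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# winnt.h region-type constants as returned by VirtualQuery.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<seq>\d+)"
    r"\.(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})"
    r"\.(?P<memtype>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    proc: int
    stage: int
    seq: int
    base: int
    protect: int
    memtype: int
    raw_field6: str
    raw_field8: str

    @property
    def protect_name(self) -> str:
        names = [PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:02x}")]
        names += [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join(names)

    @property
    def memtype_name(self) -> str:
        return MEM_TYPE.get(self.memtype, f"0x{self.memtype:08x}")

    @property
    def executable(self) -> bool:
        # PAGE_EXECUTE* values all live in bits 4..7 of the low byte.
        return bool(self.protect & 0xF0)

    @property
    def writable(self) -> bool:
        # READWRITE, WRITECOPY, EXECUTE_READWRITE, EXECUTE_WRITECOPY.
        return bool(self.protect & 0xCC)


def parse_sdmp_name(name: str) -> DumpRegion:
    """Parse one .sdmp file name; raises ValueError on anything else."""
    m = _SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    return DumpRegion(
        proc=int(m["proc"], 16), stage=int(m["stage"], 16), seq=int(m["seq"]),
        base=int(m["base"], 16), protect=int(m["protect"], 16),
        memtype=int(m["memtype"], 16), raw_field6=m["f6"], raw_field8=m["f8"],
    )


def module_layout(names, module_base: int):
    """Return the dumps as rows of (RVA, protection, type, W+X flag) sorted by
    RVA relative to module_base.  A cleanly mapped PE image should show no
    writable-and-executable region; one is worth a closer look (unpacking)."""
    rows = []
    for n in names:
        r = parse_sdmp_name(n)
        rows.append({
            "rva": r.base - module_base,
            "protect": r.protect_name,
            "type": r.memtype_name,
            "wx": r.executable and r.writable,
        })
    return sorted(rows, key=lambda x: x["rva"])


# Constructed input: the five dump names from the Memory Dump Source block and
# the module base the report gives as "Offset: 010E0000".
PAGE_DUMPS = [
    "00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp",
    "00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp",
]
MODULE_BASE = 0x010E0000

if __name__ == "__main__":
    for row in module_layout(PAGE_DUMPS, MODULE_BASE):
        print(f"RVA 0x{row['rva']:06x}  {row['protect']:<22} {row['type']}  W+X={row['wx']}")
```

Run as-is, the layout comes out as RVA 0x0 read-only (PE header), 0x1000 execute-read (code), 0x57000 read-only, 0x62000 read-write, 0x64000 read-only, all MEM_IMAGE and none W+X, which is what a normally mapped image looks like; a dump with PAGE_EXECUTE_READWRITE under MEM_PRIVATE would instead point at unpacked or injected code.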

                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E010E56B0(intOrPtr __ecx, char _a4, char _a28, intOrPtr _a44) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				char _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                              				signed int _v44;
                                                                                                                                                              				char _v45;
                                                                                                                                                              				intOrPtr* _v52;
                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                              				char* _v60;
                                                                                                                                                              				signed int _v64;
                                                                                                                                                              				char* _v68;
                                                                                                                                                              				char* _v72;
                                                                                                                                                              				intOrPtr _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				signed int _v84;
                                                                                                                                                              				signed int _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                              				intOrPtr _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				intOrPtr _v112;
                                                                                                                                                              				intOrPtr _v116;
                                                                                                                                                              				signed int _v120;
                                                                                                                                                              				signed int _v124;
                                                                                                                                                              				intOrPtr _v128;
                                                                                                                                                              				intOrPtr _v132;
                                                                                                                                                              				intOrPtr _v136;
                                                                                                                                                              				intOrPtr _v140;
                                                                                                                                                              				signed int _v144;
                                                                                                                                                              				signed int _v148;
                                                                                                                                                              				intOrPtr _v152;
                                                                                                                                                              				intOrPtr _v156;
                                                                                                                                                              				signed int _v160;
                                                                                                                                                              				intOrPtr _v164;
                                                                                                                                                              				intOrPtr _v168;
                                                                                                                                                              				intOrPtr _v172;
                                                                                                                                                              				intOrPtr _v176;
                                                                                                                                                              				intOrPtr _v180;
                                                                                                                                                              				intOrPtr _v184;
                                                                                                                                                              				signed int _v188;
                                                                                                                                                              				intOrPtr _v192;
                                                                                                                                                              				intOrPtr _v196;
                                                                                                                                                              				char* _v200;
                                                                                                                                                              				char* _v204;
                                                                                                                                                              				char _v228;
                                                                                                                                                              				char _v252;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t164;
                                                                                                                                                              				signed int _t165;
                                                                                                                                                              				signed int _t170;
                                                                                                                                                              				signed int _t177;
                                                                                                                                                              				signed int _t183;
                                                                                                                                                              				void* _t186;
                                                                                                                                                              				void* _t189;
                                                                                                                                                              				intOrPtr _t192;
                                                                                                                                                              				signed int _t211;
                                                                                                                                                              				signed int _t224;
                                                                                                                                                              				void* _t259;
                                                                                                                                                              				signed int _t271;
                                                                                                                                                              				intOrPtr _t273;
                                                                                                                                                              				signed int _t290;
                                                                                                                                                              				char* _t321;
                                                                                                                                                              				intOrPtr _t322;
				signed int _t331;
				intOrPtr _t339;
				void* _t349;
				void* _t351;
				void* _t356;
				signed int _t357;
				void* _t358;
				void* _t359;

				_push(0xffffffff);
				_push(0x1134bf3);
				_push( *[fs:0x0]);
				_t359 = _t358 - 0xec;
				_t164 =  *0x1142008; // 0x90716b2b
				_t165 = _t164 ^ _t357;
				_v20 = _t165;
				_push(_t349);
				_push(_t165);
				 *[fs:0x0] =  &_v16;
				_v56 = __ecx;
				_v44 = 0;
				_v8 = 1;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v60 =  &_v32;
				_t262 = _v60;
				E010FAAC0(_v60);
				_v204 =  &_v32;
				_v8 = 2;
				_t170 = E0111F98F(_v60) & 0x80000001;
				if(_t170 < 0) {
					_t170 = (_t170 - 0x00000001 | 0xfffffffe) + 1;
				}
				if(_t170 != 0) {
					 *0x011437A0 = 0xda;
					 *0x011437AD = 0xce;
					 *0x011437AE = 0xc3;
					_t262 = 3;
					 *0x011437A3 = 0xdb;
					 *0x01CF134D = 0xa5;
					__eflags = 1;
					 *((char*)(0x1cf134d)) = 0xee;
				} else {
					E0111DBB0(_t349, 0x11437a0, 0x2b, 0x37);
					_t359 = _t359 + 0xc;
				}
				_v36 = 0;
				_t177 = E0111F98F(_t262) & 0x80000001;
				if(_t177 < 0) {
					_t177 = (_t177 - 0x00000001 | 0xfffffffe) + 1;
				}
				_t366 = _t177;
				if(_t177 != 0) {
					 *((char*)(0x11437a0)) = 0xda;
					 *((char*)(0x11437ad)) = 0xce;
					 *((char*)(0x11437ae)) = 0xc3;
					 *((char*)(0x11437a3)) = 0xdb;
					 *((char*)(0x1cf134d)) = 0xa5;
					__eflags = 1;
					 *((char*)(0x1cf134d)) = 0xee;
				} else {
					E0111DBB0(_t349, 0x11437a0, 0x2b, 0x37);
					_t359 = _t359 + 0xc;
				}
				_t321 =  &_a28;
				_v40 = E010F68D0( &_a4, _t321, 0);
				while(1) {
					_t183 =  *0x11428d8; // 0x15b5d
					_t271 =  *0x11428dc; // 0x0
					_t186 = E01133280(E01133280(_t183 ^ 0x00004579, _t271 ^ 0x00000000, 0xffffffff, 0), _t321, 4, 0);
					asm("adc eax, 0x18");
					_t322 =  *0x11428cc; // 0x0
					_t273 =  *0x11428c8; // 0x4c
					_v64 = _t321;
					_t189 = E01133300(E01133280(_t273, _t322, 0x4579, 0), _t322, 0x19, 0);
					asm("adc eax, edx");
					asm("adc eax, 0x0");
					_t192 = E010E2800(_t366, _t186 + 0xffffffe7 + _t189 + 0xffffffff ^ 0x00000019, _v64 ^ 0x00000000);
					_t359 = _t359 + 8;
					_v108 = _v40;
					_v104 = 0;
					_v116 = _t192;
					_v112 = _t322;
					if(_v108 != _v116) {
						goto L13;
					}
					_t366 = _v104 - _v112;
					if(_v104 != _v112) {
						goto L13;
					}
					_v84 = E0111F98F(_t273) % 0x180;
					_t331 = _v84 & 0x80000001;
					__eflags = _t331;
					if(_t331 < 0) {
						_t331 = (_t331 - 0x00000001 | 0xfffffffe) + 1;
						__eflags = _t331;
					}
					__eflags = _t331;
					if(_t331 == 0) {
						__eflags = 0;
						 *0x01143628 = 0x22;
						 *0x01CF11D1 = 0;
					}
					_v52 =  &_v32;
					asm("cdq");
					_v88 = ( *((intOrPtr*)(_v52 + 4)) -  *_v52) / 0x18;
					_v124 = 0x4560;
					_v120 = 0;
					_v148 = _v124 ^ 0x00000019;
					_v144 = _v120 ^ 0x00000000;
					_v132 = 0x19;
					_v128 = 0;
					_t211 =  *0x11428c0; // 0x51
					_t290 =  *0x11428c4; // 0x0
					_v140 = E01133280(_t211 ^ 0x00004579, _t290 ^ 0x00000000, 6, 0);
					_v136 = 0;
					_v156 = 0x4579;
					_v152 = 0;
					asm("adc ecx, edx");
					asm("adc ecx, 0x0");
					_v172 = _v132 + _v140 + 1;
					_v168 = _v128;
					asm("sbb ecx, edx");
					_v164 = _v148 - _v156;
					_v160 = _v144;
					_t339 = _v172;
					_v180 = E01133300(_v164, _v160, _t339, _v168);
					_v176 = _t339;
					_t295 = 0;
					_v188 = _v88;
					_v184 = 0;
					_v196 = _v180;
					_v192 = _v176;
					__eflags = _v184 - _v192;
					if(__eflags >= 0) {
						if(__eflags > 0) {
							L21:
							_v92 = E010F67C0( &_a4, __eflags,  &_v252, _v36, 0xffffffff);
							_v96 = _v92;
							_v8 = 4;
							_v100 = _v96;
							E010F6320( &_v32, _v100);
							_v8 = 2;
							_t295 =  &_v252;
							E010E1AB0( &_v252);
						} else {
							_t295 = _v188;
							__eflags = _v188 - _v196;
							if(__eflags > 0) {
								goto L21;
							}
						}
					}
					_t224 = E0111F98F(_t295) & 0x80000001;
					__eflags = _t224;
					if(_t224 < 0) {
						_t224 = (_t224 - 0x00000001 | 0xfffffffe) + 1;
						__eflags = _t224;
					}
					__eflags = _t224;
					if(_t224 != 0) {
						 *((char*)(0x11437a0)) = 0xda;
						 *((char*)(0x11437ad)) = 0xce;
						 *((char*)(0x11437ae)) = 0xc3;
						 *((char*)(0x11437a3)) = 0xdb;
						 *((char*)(0x1cf134d)) = 0xa5;
						__eflags = 1;
						 *((char*)(0x1cf134d)) = 0xee;
					} else {
						E0111DBB0(0, 0x11437a0, 0x2b, 0x37);
					}
					E010F6440(_v56,  &_v32);
					_v44 = _v44 | 0x00000001;
					_v8 = 1;
					E010F76C0( &_v32);
					_v8 = 0;
					E010E1AB0( &_a4);
					_v8 = 0xffffffff;
					E010E1AB0( &_a28);
					 *[fs:0x0] = _v16;
					_pop(_t351);
					_pop(_t356);
					_pop(_t259);
					__eflags = _v20 ^ _t357;
					return E0111C2E8(_v56, _t259, _v20 ^ _t357,  &_v32, _t351, _t356);
					L13:
					_v200 =  &_a4;
					_v68 =  &_v45;
					_push(_v68);
					E010F7DA0( &_v228,  &_a4, _v36, _v40 - _v36);
					_v44 = _v44 | 0x00000002;
					_v72 =  &_v228;
					_v8 = 3;
					_v76 = _v72;
					E010F6320( &_v32, _v76);
					_v8 = 2;
					E010E1AB0( &_v228);
                                                                                                                                                              					_v80 = _a44;
                                                                                                                                                              					_v36 = _v40 + _v80;
                                                                                                                                                              					_t321 =  &_a28;
                                                                                                                                                              					_v40 = E010F68D0( &_a4, _t321, _v36);
                                                                                                                                                              				}
                                                                                                                                                              			}
                                                                                                                                                              0x010e58ff
                                                                                                                                                              0x010e5908
                                                                                                                                                              0x010e590b
                                                                                                                                                              0x010e5912
                                                                                                                                                              0x010e591c
                                                                                                                                                              0x010e5921
                                                                                                                                                              0x010e592b
                                                                                                                                                              0x010e5933
                                                                                                                                                              0x010e593c
                                                                                                                                                              0x010e5943
                                                                                                                                                              0x010e594f
                                                                                                                                                              0x010e594f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                              • Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aulldiv$std::exception::exception
                                                                                                                                                              • String ID: `E$yE
                                                                                                                                                              • API String ID: 1184379571-886419907
                                                                                                                                                              • Opcode ID: dbf62afcba46f34a41786b8205c356894a2320bacd76356e1faa1e6f1c3109ef
                                                                                                                                                              • Instruction ID: f730848fe71153529d94a20c202bb16365931b3ec560b66aaf9c99da2b8708d0
                                                                                                                                                              • Opcode Fuzzy Hash: dbf62afcba46f34a41786b8205c356894a2320bacd76356e1faa1e6f1c3109ef
                                                                                                                                                              • Instruction Fuzzy Hash: 6FF19E70D006199FEB28DFA8CC44BDEBBB1FF58310F1486A9E169AB2D1DB745941CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E01128855(signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                              				signed int _v5;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				unsigned int _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				signed int _v48;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				void* __ebp;
                                                                                                                                                              				signed char _t87;
                                                                                                                                                              				void* _t93;
                                                                                                                                                              				intOrPtr _t94;
                                                                                                                                                              				signed int _t98;
                                                                                                                                                              				signed int _t100;
                                                                                                                                                              				signed int _t101;
                                                                                                                                                              				signed int _t104;
                                                                                                                                                              				signed int _t105;
                                                                                                                                                              				signed int _t106;
                                                                                                                                                              				signed int _t111;
                                                                                                                                                              				void* _t113;
                                                                                                                                                              				signed int _t114;
                                                                                                                                                              				void* _t115;
                                                                                                                                                              				void* _t118;
                                                                                                                                                              				void* _t120;
                                                                                                                                                              				void* _t122;
                                                                                                                                                              				signed int* _t124;
                                                                                                                                                              				void* _t127;
                                                                                                                                                              				signed int _t129;
                                                                                                                                                              				signed int _t131;
                                                                                                                                                              				signed int _t136;
                                                                                                                                                              				signed int* _t140;
                                                                                                                                                              				signed int _t141;
                                                                                                                                                              				signed int _t146;
                                                                                                                                                              				signed int _t147;
                                                                                                                                                              				signed int _t149;
                                                                                                                                                              				signed int _t154;
                                                                                                                                                              				signed int _t155;
                                                                                                                                                              				signed int _t156;
                                                                                                                                                              				signed int _t157;
                                                                                                                                                              				void* _t161;
                                                                                                                                                              				unsigned int _t162;
                                                                                                                                                              				intOrPtr _t171;
                                                                                                                                                              				signed int _t173;
                                                                                                                                                              				signed int* _t174;
                                                                                                                                                              				signed int _t176;
                                                                                                                                                              				signed int _t177;
                                                                                                                                                              				signed int _t178;
                                                                                                                                                              				signed int _t183;
                                                                                                                                                              				signed int _t184;
                                                                                                                                                              				signed int _t185;
                                                                                                                                                              				signed int _t186;
                                                                                                                                                              				signed int _t188;
                                                                                                                                                              				intOrPtr _t189;
                                                                                                                                                              				void* _t190;
                                                                                                                                                              
                                                                                                                                                              				_t186 = _a24;
                                                                                                                                                              				if(_t186 < 0) {
                                                                                                                                                              					_t186 = 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t183 = _a8;
                                                                                                                                                              				_t3 = _t186 + 0xb; // 0xb
                                                                                                                                                              				 *_t183 = 0;
                                                                                                                                                              				if(_a12 > _t3) {
                                                                                                                                                              					_t140 = _a4;
                                                                                                                                                              					_t147 = _t140[1];
                                                                                                                                                              					_t173 =  *_t140;
                                                                                                                                                              					__eflags = (_t147 >> 0x00000014 & 0x000007ff) - 0x7ff;
                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                              						__eflags = _t147;
                                                                                                                                                              						if(__eflags > 0) {
                                                                                                                                                              							L13:
                                                                                                                                                              							_t20 = _t183 + 1; // 0x2
                                                                                                                                                              							_t174 = _t20;
                                                                                                                                                              							_t87 = _a28 ^ 0x00000001;
                                                                                                                                                              							_v20 = 0x3ff;
                                                                                                                                                              							_v5 = _t87;
                                                                                                                                                              							_v16 = _t174;
                                                                                                                                                              							_v48 = ((_t87 & 0x000000ff) << 5) + 7;
                                                                                                                                                              							__eflags = _t147 & 0x7ff00000;
                                                                                                                                                              							_t93 = 0x30;
                                                                                                                                                              							if((_t147 & 0x7ff00000) != 0) {
                                                                                                                                                              								 *_t183 = 0x31;
                                                                                                                                                              								L18:
                                                                                                                                                              								_t149 = 0;
                                                                                                                                                              								__eflags = 0;
                                                                                                                                                              								L19:
                                                                                                                                                              								_t28 =  &(_t174[0]); // 0x2
                                                                                                                                                              								_t184 = _t28;
                                                                                                                                                              								__eflags = _t186;
                                                                                                                                                              								if(_t186 != 0) {
                                                                                                                                                              									_t94 = _a40;
                                                                                                                                                              									__eflags =  *((char*)(_t94 + 0x14));
                                                                                                                                                              									if(__eflags == 0) {
                                                                                                                                                              										E011234B0(_t94, _t174, __eflags);
                                                                                                                                                              										_t94 = _a40;
                                                                                                                                                              										_t174 = _v16;
                                                                                                                                                              									}
                                                                                                                                                              									_t149 = 0;
                                                                                                                                                              									__eflags = 0;
                                                                                                                                                              									_t98 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t94 + 0xc)) + 0x88))))));
                                                                                                                                                              								} else {
                                                                                                                                                              									_t98 = _t149;
                                                                                                                                                              								}
                                                                                                                                                              								 *_t174 = _t98;
                                                                                                                                                              								_t100 = _t140[1] & 0x000fffff;
                                                                                                                                                              								__eflags = _t100;
                                                                                                                                                              								_v40 = _t100;
                                                                                                                                                              								if(_t100 > 0) {
                                                                                                                                                              									L26:
                                                                                                                                                              									_t175 = _t149;
                                                                                                                                                              									_t150 = 0xf0000;
                                                                                                                                                              									_t101 = 0x30;
                                                                                                                                                              									_v12 = _t101;
                                                                                                                                                              									_v24 = _t149;
                                                                                                                                                              									_v28 = 0xf0000;
                                                                                                                                                              									while(1) {
                                                                                                                                                              										_v32 = _v12 & 0x0000ffff;
                                                                                                                                                              										_t104 = _t184;
                                                                                                                                                              										_v36 = _t184;
                                                                                                                                                              										_v40 = _t186;
                                                                                                                                                              										__eflags = _t186;
                                                                                                                                                              										if(__eflags <= 0) {
                                                                                                                                                              											break;
                                                                                                                                                              										}
                                                                                                                                                              										_t127 = E011332E0( *_t140 & _t175, _v32 & 0x0000ffff, _t140[1] & _t150 & 0x000fffff);
                                                                                                                                                              										_t161 = 0x30;
                                                                                                                                                              										_t129 = _t127 + _t161 & 0x0000ffff;
                                                                                                                                                              										__eflags = _t129 - 0x39;
                                                                                                                                                              										if(_t129 > 0x39) {
                                                                                                                                                              											_t129 = _t129 + _v48;
                                                                                                                                                              											__eflags = _t129;
                                                                                                                                                              										}
                                                                                                                                                              										_t162 = _v28;
                                                                                                                                                              										_t175 = (_t162 << 0x00000020 | _v24) >> 4;
                                                                                                                                                              										 *_t184 = _t129;
                                                                                                                                                              										_t184 = _t184 + 1;
                                                                                                                                                              										_t150 = _t162 >> 4;
                                                                                                                                                              										_t131 = _v12 - 4;
                                                                                                                                                              										_t186 = _t186 - 1;
                                                                                                                                                              										_v24 = (_t162 << 0x00000020 | _v24) >> 4;
                                                                                                                                                              										_v28 = _t162 >> 4;
                                                                                                                                                              										_v12 = _t131;
                                                                                                                                                              										__eflags = _t131;
                                                                                                                                                              										if(_t131 >= 0) {
                                                                                                                                                              											continue;
                                                                                                                                                              										} else {
                                                                                                                                                              											goto L43;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									_t186 = _v40;
                                                                                                                                                              									_t184 = _t104;
                                                                                                                                                              									_t105 = E01129086(__eflags, _t140, _t175, _t150, _v32, _a36);
                                                                                                                                                              									_t190 = _t190 + 0x14;
                                                                                                                                                              									__eflags = _t105;
                                                                                                                                                              									if(_t105 == 0) {
                                                                                                                                                              										goto L43;
                                                                                                                                                              									}
                                                                                                                                                              									_t184 = _v36;
                                                                                                                                                              									_t146 = 0x30;
                                                                                                                                                              									_t124 = _t184 - 1;
                                                                                                                                                              									while(1) {
                                                                                                                                                              										_t156 =  *_t124;
                                                                                                                                                              										__eflags = _t156 - 0x66;
                                                                                                                                                              										if(_t156 == 0x66) {
                                                                                                                                                              											goto L36;
                                                                                                                                                              										}
                                                                                                                                                              										__eflags = _t156 - 0x46;
                                                                                                                                                              										if(_t156 != 0x46) {
                                                                                                                                                              											_t140 = _a4;
                                                                                                                                                              											__eflags = _t124 - _v16;
                                                                                                                                                              											if(_t124 == _v16) {
                                                                                                                                                              												_t65 = _t124 - 1;
                                                                                                                                                              												 *_t65 =  *(_t124 - 1) + 1;
                                                                                                                                                              												__eflags =  *_t65;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eflags = _t156 - 0x39;
                                                                                                                                                              												if(_t156 != 0x39) {
                                                                                                                                                              													_t157 = _t156 + 1;
                                                                                                                                                              													__eflags = _t157;
                                                                                                                                                              												} else {
                                                                                                                                                              													_t157 = _v48 + 0x3a;
                                                                                                                                                              												}
                                                                                                                                                              												 *_t124 = _t157;
                                                                                                                                                              											}
                                                                                                                                                              											goto L43;
                                                                                                                                                              										}
                                                                                                                                                              										L36:
                                                                                                                                                              										 *_t124 = _t146;
                                                                                                                                                              										_t124 = _t124 - 1;
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									__eflags =  *_t140 - _t149;
                                                                                                                                                              									if( *_t140 <= _t149) {
                                                                                                                                                              										L43:
                                                                                                                                                              										__eflags = _t186;
                                                                                                                                                              										if(_t186 > 0) {
                                                                                                                                                              											_push(_t186);
                                                                                                                                                              											_t122 = 0x30;
                                                                                                                                                              											_push(_t122);
                                                                                                                                                              											_push(_t184);
                                                                                                                                                              											E0111DBB0(_t184);
                                                                                                                                                              											_t184 = _t184 + _t186;
                                                                                                                                                              											__eflags = _t184;
                                                                                                                                                              										}
                                                                                                                                                              										_t106 = _v16;
                                                                                                                                                              										__eflags =  *_t106;
                                                                                                                                                              										if( *_t106 == 0) {
                                                                                                                                                              											_t184 = _t106;
                                                                                                                                                              										}
                                                                                                                                                              										 *_t184 = (_v5 << 5) + 0x50;
                                                                                                                                                              										_t176 = _t140[1];
                                                                                                                                                              										_t111 = E011332E0( *_t140, 0x34, _t176);
                                                                                                                                                              										_t141 = 0;
                                                                                                                                                              										_t188 = _t176 & 0;
                                                                                                                                                              										_t70 = _t184 + 2; // 0x2
                                                                                                                                                              										_t177 = _t70;
                                                                                                                                                              										_t154 = (_t111 & 0x000007ff) - _v20;
                                                                                                                                                              										__eflags = _t154;
                                                                                                                                                              										_v48 = _t177;
                                                                                                                                                              										asm("sbb esi, ebx");
                                                                                                                                                              										if(__eflags < 0) {
                                                                                                                                                              											L51:
                                                                                                                                                              											_t154 =  ~_t154;
                                                                                                                                                              											asm("adc esi, ebx");
                                                                                                                                                              											_t188 =  ~_t188;
                                                                                                                                                               											0x2b = 0x2d; // decompiler artifact: the register that held '+' (0x2b) is reloaded with '-' (0x2d) on this negative-exponent path, so the byte stored at _t184 + 1 in L52 is the minus sign
                                                                                                                                                              											goto L52;
                                                                                                                                                              										} else {
                                                                                                                                                              											if(__eflags > 0) {
                                                                                                                                                              												L50:
                                                                                                                                                              												L52:
                                                                                                                                                              												 *(_t184 + 1) = 0x2b;
                                                                                                                                                              												_t185 = _t177;
                                                                                                                                                              												_t113 = 0x30;
                                                                                                                                                              												 *_t177 = _t113;
                                                                                                                                                              												__eflags = _t188 - _t141;
                                                                                                                                                              												if(__eflags < 0) {
                                                                                                                                                              													L61:
                                                                                                                                                              													_t178 = 0x30;
                                                                                                                                                              													L62:
                                                                                                                                                              													__eflags = _t188 - _t141;
                                                                                                                                                              													if(__eflags < 0) {
                                                                                                                                                              														L66:
                                                                                                                                                              														_t155 = _t154 + _t178;
                                                                                                                                                              														__eflags = _t155;
                                                                                                                                                              														 *_t185 = _t155;
                                                                                                                                                              														 *(_t185 + 1) = _t141;
                                                                                                                                                              														L67:
                                                                                                                                                              														_t114 = 0;
                                                                                                                                                              														__eflags = 0;
                                                                                                                                                              														L68:
                                                                                                                                                              														return _t114;
                                                                                                                                                              													}
                                                                                                                                                              													if(__eflags > 0) {
                                                                                                                                                              														L65:
                                                                                                                                                              														_push(_t141);
                                                                                                                                                              														_push(_t141);
                                                                                                                                                              														_push(0xa);
                                                                                                                                                              														_push(_t188);
                                                                                                                                                              														_push(_t154);
                                                                                                                                                              														_t115 = E01133420();
                                                                                                                                                              														_v48 = _t178;
                                                                                                                                                              														_t178 = 0x30;
                                                                                                                                                              														 *_t185 = _t115 + _t178;
                                                                                                                                                              														_t185 = _t185 + 1;
                                                                                                                                                              														_t141 = 0;
                                                                                                                                                              														__eflags = 0;
                                                                                                                                                              														goto L66;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = _t154 - 0xa;
                                                                                                                                                              													if(_t154 < 0xa) {
                                                                                                                                                              														goto L66;
                                                                                                                                                              													}
                                                                                                                                                              													goto L65;
                                                                                                                                                              												}
                                                                                                                                                              												if(__eflags > 0) {
                                                                                                                                                              													L55:
                                                                                                                                                              													_push(_t141);
                                                                                                                                                              													_push(_t141);
                                                                                                                                                              													_push(0x3e8);
                                                                                                                                                              													_push(_t188);
                                                                                                                                                              													_push(_t154);
                                                                                                                                                              													_t118 = E01133420();
                                                                                                                                                              													_t188 = _t141;
                                                                                                                                                              													_v40 = _t177;
													_t177 = _v48;
													_t141 = 0;
													_t185 = _t177 + 1;
													 *_t177 = _t118 + 0x30;
													__eflags = _t185 - _t177;
													if(_t185 != _t177) {
														L59:
														_push(_t141);
														_push(_t141);
														_push(0x64);
														_push(_t188);
														_push(_t154);
														_t120 = E01133420();
														_t188 = _t141;
														_v40 = _t177;
														_t141 = 0;
														_t178 = 0x30;
														 *_t185 = _t120 + _t178;
														_t185 = _t185 + 1;
														__eflags = _t185 - _v48;
														if(_t185 != _v48) {
															goto L65;
														}
														goto L62;
													}
													L56:
													__eflags = _t188 - _t141;
													if(__eflags < 0) {
														goto L61;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t154 - 0x64;
													if(_t154 < 0x64) {
														goto L61;
													}
													goto L59;
												}
												__eflags = _t154 - 0x3e8;
												if(_t154 < 0x3e8) {
													goto L56;
												}
												goto L55;
											}
											__eflags = _t154;
											if(_t154 < 0) {
												goto L51;
											}
											goto L50;
										}
									}
									goto L26;
								}
							}
							 *_t183 = _t93;
							_t149 =  *_t140 | _t140[1] & 0x000fffff;
							__eflags = _t149;
							if(_t149 != 0) {
								_v20 = 0x3fe;
								goto L18;
							}
							_v20 = _t149;
							goto L19;
						}
						if(__eflags < 0) {
							L12:
							 *_t183 = 0x2d;
							_t183 = _t183 + 1;
							__eflags = _t183;
							_t147 = _t140[1];
							goto L13;
						}
						__eflags = _t173;
						if(_t173 >= 0) {
							goto L13;
						}
						goto L12;
					}
					_t114 = E01128B81(_t140, _t147, _t173, __eflags, _t140, _t183, _a12, _a16, _a20, _t186, 0, _a32, _a36, _a40);
					__eflags = _t114;
					if(_t114 == 0) {
						_t136 = E01134500(_t183, 0x65);
						__eflags = _t136;
						if(_t136 != 0) {
							 *_t136 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							 *((char*)(_t136 + 3)) = 0;
						}
						goto L67;
					}
					 *_t183 = 0;
					goto L68;
				}
				_t171 = _a40;
				_t189 = 0x22;
				 *((char*)(_t171 + 0x1c)) = 1;
				 *((intOrPtr*)(_t171 + 0x18)) = _t189;
				E0111F8B1(_t183, _t189, 0, 0, 0, 0, 0, _t171);
				return _t189;
			}
0x01128860
0x01128866
0x01128868
0x01128868
0x0112886a
0x0112886d
0x01128870
0x01128875
0x0112889a
0x0112889d
0x011288a2
0x011288ac
0x011288b1
0x0112890a
0x0112890c
0x0112891b
0x0112891e
0x0112891e
0x01128921
0x01128923
0x0112892a
0x0112893c
0x0112893f
0x01128944
0x01128948
0x01128949
0x01128969
0x0112896c
0x0112896c
0x0112896c
0x0112896e
0x0112896e
0x0112896e
0x01128971
0x01128973
0x01128979
0x0112897c
0x01128980
0x01128984
0x01128989
0x0112898c
0x0112898c
0x01128992
0x01128992
0x0112899c
0x01128975
0x01128975
0x01128975
0x0112899e
0x011289a3
0x011289a3
0x011289a8
0x011289ab
0x011289b5
0x011289b7
0x011289b9
0x011289be
0x011289bf
0x011289c2
0x011289c5
0x011289c8
0x011289ce
0x011289d1
0x011289d3
0x011289d6
0x011289d9
0x011289db
0x00000000
0x00000000
0x011289f2
0x011289f9
0x011289fd
0x01128a00
0x01128a03
0x01128a05
0x01128a05
0x01128a05
0x01128a0b
0x01128a0e
0x01128a12
0x01128a14
0x01128a18
0x01128a1b
0x01128a1e
0x01128a1f
0x01128a22
0x01128a25
0x01128a28
0x01128a2b
0x00000000
0x01128a2d
0x00000000
0x01128a2d
0x01128a2b
0x01128a32
0x01128a35
0x01128a3d
0x01128a42
0x01128a45
0x01128a47
0x00000000
0x00000000
0x01128a49
0x01128a4e
0x01128a4f
0x01128a52
                                                                                                                                                              0x01128a52
                                                                                                                                                              0x01128a54
                                                                                                                                                              0x01128a57
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128a59
                                                                                                                                                              0x01128a5c
                                                                                                                                                              0x01128a63
                                                                                                                                                              0x01128a66
                                                                                                                                                              0x01128a69
                                                                                                                                                              0x01128a7e
                                                                                                                                                              0x01128a7e
                                                                                                                                                              0x01128a7e
                                                                                                                                                              0x01128a6b
                                                                                                                                                              0x01128a6b
                                                                                                                                                              0x01128a6e
                                                                                                                                                              0x01128a78
                                                                                                                                                              0x01128a78
                                                                                                                                                              0x01128a70
                                                                                                                                                              0x01128a73
                                                                                                                                                              0x01128a73
                                                                                                                                                              0x01128a7a
                                                                                                                                                              0x01128a7a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128a69
                                                                                                                                                              0x01128a5e
                                                                                                                                                              0x01128a5e
                                                                                                                                                              0x01128a60
                                                                                                                                                              0x01128a60
                                                                                                                                                              0x011289ad
                                                                                                                                                              0x011289ad
                                                                                                                                                              0x011289af
                                                                                                                                                              0x01128a81
                                                                                                                                                              0x01128a81
                                                                                                                                                              0x01128a83
                                                                                                                                                              0x01128a85
                                                                                                                                                              0x01128a88
                                                                                                                                                              0x01128a89
                                                                                                                                                              0x01128a8a
                                                                                                                                                              0x01128a8b
                                                                                                                                                              0x01128a93
                                                                                                                                                              0x01128a93
                                                                                                                                                              0x01128a93
                                                                                                                                                              0x01128a95
                                                                                                                                                              0x01128a98
                                                                                                                                                              0x01128a9b
                                                                                                                                                              0x01128a9d
                                                                                                                                                              0x01128a9d
                                                                                                                                                              0x01128aa9
                                                                                                                                                              0x01128aad
                                                                                                                                                              0x01128ab0
                                                                                                                                                              0x01128ab5
                                                                                                                                                              0x01128ac1
                                                                                                                                                              0x01128ac3
                                                                                                                                                              0x01128ac3
                                                                                                                                                              0x01128ac6
                                                                                                                                                              0x01128ac6
                                                                                                                                                              0x01128ac9
                                                                                                                                                              0x01128acc
                                                                                                                                                              0x01128ace
                                                                                                                                                              0x01128ada
                                                                                                                                                              0x01128ada
                                                                                                                                                              0x01128ade
                                                                                                                                                              0x01128ae0
                                                                                                                                                              0x01128ae2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128ad0
                                                                                                                                                              0x01128ad0
                                                                                                                                                              0x01128ad6
                                                                                                                                                              0x01128ae3
                                                                                                                                                              0x01128ae3
                                                                                                                                                              0x01128ae6
                                                                                                                                                              0x01128aea
                                                                                                                                                              0x01128aeb
                                                                                                                                                              0x01128aed
                                                                                                                                                              0x01128aef
                                                                                                                                                              0x01128b4b
                                                                                                                                                              0x01128b4d
                                                                                                                                                              0x01128b4e
                                                                                                                                                              0x01128b4e
                                                                                                                                                              0x01128b50
                                                                                                                                                              0x01128b73
                                                                                                                                                              0x01128b73
                                                                                                                                                              0x01128b73
                                                                                                                                                              0x01128b75
                                                                                                                                                              0x01128b77
                                                                                                                                                              0x01128b7a
                                                                                                                                                              0x01128b7a
                                                                                                                                                              0x01128b7a
                                                                                                                                                              0x01128b7c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b7c
                                                                                                                                                              0x01128b52
                                                                                                                                                              0x01128b59
                                                                                                                                                              0x01128b59
                                                                                                                                                              0x01128b5a
                                                                                                                                                              0x01128b5b
                                                                                                                                                              0x01128b5d
                                                                                                                                                              0x01128b5e
                                                                                                                                                              0x01128b5f
                                                                                                                                                              0x01128b68
                                                                                                                                                              0x01128b6b
                                                                                                                                                              0x01128b6e
                                                                                                                                                              0x01128b70
                                                                                                                                                              0x01128b71
                                                                                                                                                              0x01128b71
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b71
                                                                                                                                                              0x01128b54
                                                                                                                                                              0x01128b57
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b57
                                                                                                                                                              0x01128af6
                                                                                                                                                              0x01128afc
                                                                                                                                                              0x01128afc
                                                                                                                                                              0x01128afd
                                                                                                                                                              0x01128afe
                                                                                                                                                              0x01128aff
                                                                                                                                                              0x01128b00
                                                                                                                                                              0x01128b01
                                                                                                                                                              0x01128b06
                                                                                                                                                              0x01128b0a
                                                                                                                                                              0x01128b0f
                                                                                                                                                              0x01128b12
                                                                                                                                                              0x01128b14
                                                                                                                                                              0x01128b17
                                                                                                                                                              0x01128b19
                                                                                                                                                              0x01128b1b
                                                                                                                                                              0x01128b28
                                                                                                                                                              0x01128b28
                                                                                                                                                              0x01128b29
                                                                                                                                                              0x01128b2a
                                                                                                                                                              0x01128b2c
                                                                                                                                                              0x01128b2d
                                                                                                                                                              0x01128b2e
                                                                                                                                                              0x01128b33
                                                                                                                                                              0x01128b39
                                                                                                                                                              0x01128b3c
                                                                                                                                                              0x01128b3e
                                                                                                                                                              0x01128b41
                                                                                                                                                              0x01128b43
                                                                                                                                                              0x01128b44
                                                                                                                                                              0x01128b47
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b49
                                                                                                                                                              0x01128b1d
                                                                                                                                                              0x01128b1d
                                                                                                                                                              0x01128b1f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b21
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b23
                                                                                                                                                              0x01128b26
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128b26
                                                                                                                                                              0x01128af8
                                                                                                                                                              0x01128afa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128afa
                                                                                                                                                              0x01128ad2
                                                                                                                                                              0x01128ad4
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128ad4
                                                                                                                                                              0x01128ace
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011289af
                                                                                                                                                              0x011289ab
                                                                                                                                                              0x0112894b
                                                                                                                                                              0x01128957
                                                                                                                                                              0x01128957
                                                                                                                                                              0x01128959
                                                                                                                                                              0x01128960
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128960
                                                                                                                                                              0x0112895b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0112895b
                                                                                                                                                              0x0112890e
                                                                                                                                                              0x01128914
                                                                                                                                                              0x01128914
                                                                                                                                                              0x01128917
                                                                                                                                                              0x01128917
                                                                                                                                                              0x01128918
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128918
                                                                                                                                                              0x01128910
                                                                                                                                                              0x01128912
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01128912
                                                                                                                                                              0x011288cb
                                                                                                                                                              0x011288d3
                                                                                                                                                              0x011288d5
                                                                                                                                                              0x011288e2
                                                                                                                                                              0x011288e9
                                                                                                                                                              0x011288eb
                                                                                                                                                              0x011288fd
                                                                                                                                                              0x011288ff
                                                                                                                                                              0x011288ff
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011288eb
                                                                                                                                                              0x011288d7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011288d7
                                                                                                                                                              0x01128877
                                                                                                                                                              0x0112887c
                                                                                                                                                              0x01128883
                                                                                                                                                              0x01128887
                                                                                                                                                              0x0112888a
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                              • Opcode ID: f77f0a38619fa48c357ae067ec54b54d003bd1ab7cf58d661b3b037f249f522d
                                                                                                                                                              • Instruction ID: 7a6f27a368969e5d9a0e5e42757ef67e73e549b072c0c6f370c6572d4bff0917
                                                                                                                                                              • Opcode Fuzzy Hash: f77f0a38619fa48c357ae067ec54b54d003bd1ab7cf58d661b3b037f249f522d
                                                                                                                                                              • Instruction Fuzzy Hash: 12B16772E042669FDF1D8F6CC890BEEBFE5EF59304F19816AD901AB241D3349921C761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%
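The dump names in the "Memory Dump Source" list above carry more than a base address: the fields after the address take the same values as the Win32 PAGE_* protection and MEM_* region-type constants (0x20 on the code region, 0x02 on the header, 0x04 on the writable data, 0x01000000 throughout). The parser below is an added example written for this page, not part of the report or of Joe Sandbox's tooling; the field layout it assumes (process index, stage, dump id, base, protection, state, region type, module index) is an inference from these five names and is labelled as such in the code. It lets an analyst pick out the executable image regions of a dump set without opening each file.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) names into their fields.

Added example by the editor, not part of the report or Joe Sandbox's tooling.
The field layout is an ASSUMPTION inferred from this page: the fourth field
equals the dump's base address, and the fifth and seventh fields take values
that coincide with the Win32 PAGE_* and MEM_* constants from winnt.h.
"""
import re
from dataclasses import dataclass

# Win32 protection values (winnt.h); the low byte is the base protection.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
EXECUTABLE_MASK = 0xF0  # any of the four PAGE_EXECUTE* values
MEM_IMAGE, MEM_MAPPED, MEM_PRIVATE = 0x1000000, 0x40000, 0x20000

# Assumed layout (hex fields unless noted):
#   <process_index>.<stage>.<dump_id, decimal>.<base>.<protect>.<state>.<mem_type>.<module_index>.sdmp
SDMP_RE = re.compile(
    r"^(?P<process_index>[0-9a-f]{8})\.(?P<stage>[0-9a-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\."
    r"(?P<mem_type>[0-9a-f]{8})\.(?P<module_index>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SdmpName:
    process_index: int
    stage: int
    dump_id: str
    base: int
    protect: int
    state: int
    mem_type: int
    module_index: int

    @property
    def protection(self) -> str:
        """Readable protection, e.g. 'PAGE_EXECUTE_READ' or 'PAGE_READWRITE|PAGE_GUARD'."""
        names = [PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:02x}")]
        names += [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join(names)

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXECUTABLE_MASK)

    @property
    def image(self) -> bool:
        return bool(self.mem_type & MEM_IMAGE)


def parse_sdmp_name(name: str) -> SdmpName:
    """Parse a .sdmp file name (path prefix allowed); raises ValueError otherwise."""
    m = SDMP_RE.match(name.rsplit("/", 1)[-1])
    if m is None:
        raise ValueError(f"not a .sdmp dump name: {name!r}")
    f = m.groupdict()
    return SdmpName(
        process_index=int(f["process_index"], 16),
        stage=int(f["stage"], 16),
        dump_id=f["dump_id"],
        base=int(f["base"], 16),
        protect=int(f["protect"], 16),
        state=int(f["state"], 16),
        mem_type=int(f["mem_type"], 16),
        module_index=int(f["module_index"], 16),
    )


def executable_image_dumps(names):
    """Base addresses of dumps that are executable pages of a mapped image:
    the regions worth loading into a disassembler first."""
    return sorted(d.base for d in map(parse_sdmp_name, names) if d.executable and d.image)


# The five dump names quoted in this report's "Memory Dump Source" list.
REPORT_DUMPS = [
    "00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp",
    "00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp",
    "00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp",
]

if __name__ == "__main__":
    for d in map(parse_sdmp_name, REPORT_DUMPS):
        print(f"{d.base:#010x} {d.protection:<22} image={d.image}")
    print("executable image regions:", [hex(a) for a in executable_image_dumps(REPORT_DUMPS)])
```

Run against the names above, only the 0x010E1000 region comes back as executable image memory, which is exactly the dump the decompiler listing below was produced from; the header, .rdata-like and .data-like regions decode as PAGE_READONLY and PAGE_READWRITE.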

C-Code - Quality: 85%
			// Editor's reading of this routine, not a label from the report: the sequence below
			// (PF_FASTFAIL_AVAILABLE check, int 0x29, CONTEXT and EXCEPTION_RECORD capture,
			// SetUnhandledExceptionFilter(0) followed by UnhandledExceptionFilter) is the shape of
			// the UCRT's fatal-exit path (_call_reportfault as used by abort()), i.e. statically
			// linked runtime code rather than the sample's own logic. Field comments on the locals
			// follow from their offsets within the 0x2cc-byte x86 CONTEXT at _v808 and the
			// 0x50-byte EXCEPTION_RECORD at _v92.
			E0111CC19(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;                               // this frame's return-address slot
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;                          // EXCEPTION_RECORD.ExceptionAddress
				intOrPtr _v88;                          // EXCEPTION_RECORD.ExceptionFlags
				char _v92;                              // EXCEPTION_RECORD.ExceptionCode (start of record)
				intOrPtr _v608;                         // CONTEXT.SegSs
				intOrPtr _v612;                         // CONTEXT.Esp
				void* _v616;                            // CONTEXT.EFlags
				intOrPtr _v620;                         // CONTEXT.SegCs
				char _v624;                             // CONTEXT.Eip
				intOrPtr _v628;                         // CONTEXT.Ebp
				intOrPtr _v632;                         // CONTEXT.Eax
				intOrPtr _v636;                         // CONTEXT.Ecx
				intOrPtr _v640;                         // CONTEXT.Edx
				intOrPtr _v644;                         // CONTEXT.Ebx
				intOrPtr _v648;                         // CONTEXT.Esi
				intOrPtr _v652;                         // CONTEXT.Edi
				intOrPtr _v656;                         // CONTEXT.SegDs
				intOrPtr _v660;                         // CONTEXT.SegEs
				intOrPtr _v664;                         // CONTEXT.SegFs
				intOrPtr _v668;                         // CONTEXT.SegGs
				char _v808;                             // CONTEXT.ContextFlags (start of the CONTEXT)
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {          // 0x17 = PF_FASTFAIL_AVAILABLE
					_t55 = _a4;                                        // fast-fail code goes in ecx
					asm("int 0x29");                                   // __fastfail: handled in the kernel, never reaches a user-mode SEH filter, vectored handler or debugger hook
				}
				E0111CE12(_t34);                                     // debugger hook; the decompiler did not recover its argument
				 *_t60 = 0x2cc;                                      // 0x2cc = sizeof(CONTEXT) on x86
				_v632 = E0111DBB0(_t58,  &_v808, 0, 3);             // zero the CONTEXT; return value (eax) recorded as CONTEXT.Eax
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;                                          // segment registers into the CONTEXT
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");                                       // pushfd / pop: EFlags into CONTEXT.EFlags (_v616)
				_pop( *_t15);
				_v624 = _v0;                                         // Eip = return address of this call
				_t39 =  &_v0;
				_v612 = _t39;                                        // Esp = address of the return-address slot
				_v808 = 0x10001;                                     // ContextFlags = CONTEXT_CONTROL (CONTEXT_i386 | 0x1)
				_v628 =  *((intOrPtr*)(_t39 - 4));                   // Ebp = saved frame pointer below the return address
				E0111DBB0(_t58,  &_v92, 0, 0x50);                    // zero the EXCEPTION_RECORD (0x50 = sizeof on x86)
				_v92 = 0x40000015;                                   // ExceptionCode = STATUS_FATAL_APP_EXIT
				_v88 = 1;                                            // ExceptionFlags = EXCEPTION_NONCONTINUABLE
				_v80 = _v0;                                          // ExceptionAddress = return address
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;                                   // _t54 = IsDebuggerPresent() normalised to 0/1
				SetUnhandledExceptionFilter(0);                      // drop any user-installed top-level filter so the default (WER) handler is what runs next
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {                          // no handler took it and no debugger attached
					_push(3);                                          // debugger-hook code 3 before giving up
					return E0111CE12(_t49);
				}
				return _t49;
			}

                                                                                                                                                              0x0111cc19
                                                                                                                                                              0x0111cc19
                                                                                                                                                              0x0111cc19
                                                                                                                                                              0x0111cc2d
                                                                                                                                                              0x0111cc2f
                                                                                                                                                              0x0111cc32
                                                                                                                                                              0x0111cc32
                                                                                                                                                              0x0111cc36
                                                                                                                                                              0x0111cc3b
                                                                                                                                                              0x0111cc53
                                                                                                                                                              0x0111cc59
                                                                                                                                                              0x0111cc5f
                                                                                                                                                              0x0111cc65
                                                                                                                                                              0x0111cc6b
                                                                                                                                                              0x0111cc71
                                                                                                                                                              0x0111cc77
                                                                                                                                                              0x0111cc7e
                                                                                                                                                              0x0111cc85
                                                                                                                                                              0x0111cc8c
                                                                                                                                                              0x0111cc93
                                                                                                                                                              0x0111cc9a
                                                                                                                                                              0x0111cca1
                                                                                                                                                              0x0111cca2
                                                                                                                                                              0x0111ccab

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0111CC25
• IsDebuggerPresent.KERNEL32 ref: 0111CCF1
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0111CD11
• UnhandledExceptionFilter.KERNEL32(?), ref: 0111CD1B
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 901398555ab4e077910917da910b3771071afa03de600d6353694034856583a6
• Instruction ID: 40582da07b653c406f546fa74665882356e05041205fee06768c4a0f5fd99094
• Opcode Fuzzy Hash: 901398555ab4e077910917da910b3771071afa03de600d6353694034856583a6
• Instruction Fuzzy Hash: D83106B59453199BDF21DFA4D9897CDFBB8AF08304F1040EAE509AB284EB705A848F44
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 78%
// Analyst note (added): the shape of this routine matches the MSVC vcruntime
// security-failure reporting path (__report_securityfailure / __raise_securityfailure
// in gs_report.c): capture the CPU context into a CONTEXT, build an
// EXCEPTION_POINTERS, hand it to the default unhandled-exception filter, then
// fast-fail if no debugger was attached. The IsDebuggerPresent call is part of
// that CRT sequence, not a purpose-built anti-debugging check by the sample.
E0111F732(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
	char _v0;
	signed int _v8;
	intOrPtr _v524;
	intOrPtr _v528;
	void* _v532;
	intOrPtr _v536;
	char _v540;
	intOrPtr _v544;
	intOrPtr _v548;
	intOrPtr _v552;
	intOrPtr _v556;
	intOrPtr _v560;
	intOrPtr _v564;
	intOrPtr _v568;
	intOrPtr _v572;
	intOrPtr _v576;
	intOrPtr _v580;
	intOrPtr _v584;
	char _v724;
	intOrPtr _v792;
	intOrPtr _v800;
	char _v804;
	struct _EXCEPTION_POINTERS _v812;
	void* __edi;
	signed int _t40;
	char* _t47;
	char* _t49;
	intOrPtr _t60;
	intOrPtr _t61;
	intOrPtr _t65;
	intOrPtr _t66;
	int _t67;
	intOrPtr _t68;
	signed int _t69;

	_t68 = __esi;
	_t65 = __edx;
	_t60 = __ebx;
	_t40 =  *0x1142008; // 0x90716b2b  -- global stack cookie (__security_cookie); XORed with ESP (_t69) to form this frame's canary
	_t41 = _t40 ^ _t69;
	_v8 = _t40 ^ _t69;
	if(_a4 != 0xffffffff) {
		_push(_a4);
		E0111CE12(_t41); // fast-fail helper: _a4 is the fail-fast code, 0xffffffff means "none"
		_pop(_t61);
	}
	// memset-like helper: zero an EXCEPTION_RECORD (0x50 bytes on x86) and a CONTEXT (0x2cc bytes on x86)
	E0111DBB0(_t66,  &_v804, 0, 0x50);
	E0111DBB0(_t66,  &_v724, 0, 0x2cc);
	_v812.ExceptionRecord =  &_v804;
	_t47 =  &_v724;
	_v812.ContextRecord = _t47;
	// capture general-purpose and segment registers into the CONTEXT
	_v548 = _t47;
	_v552 = _t61;
	_v556 = _t65;
	_v560 = _t60;
	_v564 = _t68;
	_v568 = _t66;
	_v524 = ss;
	_v536 = cs;
	_v572 = ds;
	_v576 = es;
	_v580 = fs;
	_v584 = gs;
	asm("pushfd");
	_pop( *_t22); // EFLAGS
	_v540 = _v0;
	_t49 =  &_v0;
	_v528 = _t49;
	_v724 = 0x10001; // CONTEXT.ContextFlags = CONTEXT_CONTROL (CONTEXT_i386 | 0x1)
	_v544 =  *((intOrPtr*)(_t49 - 4)); // return address recorded as EIP
	_v804 = _a8;  // EXCEPTION_RECORD.ExceptionCode supplied by the caller
	_v800 = _a12; // EXCEPTION_RECORD.ExceptionFlags supplied by the caller
	_v792 = _v0;
	// CRT sequence: remember whether a debugger was attached, drop any custom filter,
	// report through the default filter, then fast-fail only when no debugger was present
	_t67 = IsDebuggerPresent();
	SetUnhandledExceptionFilter(0);
	if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
		_push(_a4);
		_t57 = E0111CE12(_t57);
	}
	return E0111C2E8(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68); // stack-cookie check on exit
}

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0111F82A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0111F834
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0111F841
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: abc07af4345e341cc280b3893f32f703e19cc5de906a139fb6e0ea7917b1387f
• Instruction ID: 4fc18057ff227e8aa30344c62701a87b6f77dd94daffbab2bba744855a02ce29
• Opcode Fuzzy Hash: abc07af4345e341cc280b3893f32f703e19cc5de906a139fb6e0ea7917b1387f
• Instruction Fuzzy Hash: 9931C4B49012299BCB25DF68DD887DDBBB8BF08310F5041EAE91CA7294E7709B858F44
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E01125345(void* __ecx, signed int __edx, signed int* _a4) {
                                                                                                                                                              				struct _FILETIME _v12;
                                                                                                                                                              				signed int _t10;
                                                                                                                                                              				signed int* _t15;
                                                                                                                                                              				signed int _t16;
                                                                                                                                                              				signed int _t23;
                                                                                                                                                              				void* _t25;
                                                                                                                                                              
                                                                                                                                                              				_t16 = __edx;
                                                                                                                                                              				_v12.dwLowDateTime = 0;
                                                                                                                                                              				_v12.dwHighDateTime = 0;
                                                                                                                                                              				GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                              				asm("sbb eax, 0x19db1de");
                                                                                                                                                              				_t10 = E01133370(_v12.dwLowDateTime - 0xd53e8000, _v12.dwHighDateTime, 0x989680, 0);
                                                                                                                                                              				_t25 = _t16 - 7;
                                                                                                                                                              				if(_t25 > 0 || _t25 >= 0 && _t10 > 0x93582aff) {
                                                                                                                                                              					_t10 = _t10 | 0xffffffff;
                                                                                                                                                              					_t16 = _t10;
                                                                                                                                                              				}
                                                                                                                                                              				_t15 = _a4;
                                                                                                                                                              				_t23 = _t10;
                                                                                                                                                              				if(_t15 != 0) {
                                                                                                                                                              					 *_t15 = _t10;
                                                                                                                                                              					_t15[1] = _t16;
                                                                                                                                                              				}
                                                                                                                                                              				return _t23;
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0112535A
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01125379
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                               • Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1518329722-0
                                                                                                                                                              • Opcode ID: ff2351a51f5e3b191487384402a78246727fa96f654970fdc7f10175980d4888
                                                                                                                                                              • Instruction ID: c58f4863379ef1badd5d373946908cf82b05a22b2c03b348572fe3c48599a9c9
                                                                                                                                                              • Opcode Fuzzy Hash: ff2351a51f5e3b191487384402a78246727fa96f654970fdc7f10175980d4888
                                                                                                                                                              • Instruction Fuzzy Hash: 60F0F9B1A04224BB476CCF6D88448DEBEEAEBC5760B258259E819D3344D6B0CD018790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E011161C0(void* _a4) {
                                                                                                                                                              
                                                                                                                                                              				return HeapFree(GetProcessHeap(), 0, _a4);
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 011161C9
                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 011161D0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                               • Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                               • Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Heap$FreeProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3859560861-0
                                                                                                                                                              • Opcode ID: 7208bce56869336e76d3cfcac81b3a5a43a7e2275bbf0d784d3cff9427a214d6
                                                                                                                                                              • Instruction ID: 15d521d3c734658d12ddc40376f5d2a80462f760be9042693b532cd01596daf5
                                                                                                                                                              • Opcode Fuzzy Hash: 7208bce56869336e76d3cfcac81b3a5a43a7e2275bbf0d784d3cff9427a214d6
                                                                                                                                                              • Instruction Fuzzy Hash: F5C09BB515430CABD7145BE4EC4DFA5775CE709612F000010F61DC62C8C770A4804761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                              			E0111CA38(signed int __edx) {
                                                                                                                                                              				signed int _v8;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				signed int _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				signed int _v24;
                                                                                                                                                              				signed int _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				signed int _v36;
                                                                                                                                                              				signed int _v40;
                                                                                                                                                              				intOrPtr _t60;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              				signed int _t62;
                                                                                                                                                              				signed int _t63;
                                                                                                                                                              				signed int _t66;
                                                                                                                                                              				signed int _t67;
                                                                                                                                                              				signed int _t73;
                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                              				signed int _t78;
                                                                                                                                                              				intOrPtr* _t82;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				signed int _t90;
                                                                                                                                                              				intOrPtr* _t93;
                                                                                                                                                              				signed int _t96;
                                                                                                                                                              				signed int _t99;
                                                                                                                                                              				signed int _t104;
                                                                                                                                                              
                                                                                                                                                              				_t90 = __edx;
                                                                                                                                                              				 *0x1142e88 =  *0x1142e88 & 0x00000000;
                                                                                                                                                              				 *0x114200c =  *0x114200c | 0x00000001;
                                                                                                                                                              				if(IsProcessorFeaturePresent(0xa) == 0) {
                                                                                                                                                              					L23:
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				_v20 = _v20 & 0x00000000;
                                                                                                                                                              				_push(_t74);
                                                                                                                                                              				_t93 =  &_v40;
                                                                                                                                                              				asm("cpuid");
                                                                                                                                                              				_t75 = _t74;
                                                                                                                                                              				 *_t93 = 0;
                                                                                                                                                              				 *((intOrPtr*)(_t93 + 4)) = _t74;
                                                                                                                                                              				 *((intOrPtr*)(_t93 + 8)) = 0;
                                                                                                                                                              				 *(_t93 + 0xc) = _t90;
                                                                                                                                                              				_v16 = _v40;
                                                                                                                                                              				_v12 = _v28 ^ 0x49656e69;
                                                                                                                                                              				_v8 = _v36 ^ 0x756e6547;
                                                                                                                                                              				_push(_t75);
                                                                                                                                                              				asm("cpuid");
                                                                                                                                                              				_t77 =  &_v40;
                                                                                                                                                              				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				// Vendor check: 0x6c65746e is "ntel" as a little-endian dword (CPUID.0 returns "GenuineIntel"
				// as EBX="Genu", EDX="ineI", ECX="ntel"). A non-zero result means "not Intel", so the
				// Atom family/model test at the bottom of the function is skipped.
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x1142e8c; // 0x2  (favor flags: bit 0 = Atom, bit 1 = enhanced REP MOVSB/STOSB)
					L10:
					_t85 = _v32; // CPUID.1:ECX feature bits
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) { // max basic leaf < 7: leaf 7 not available, use zeroed registers
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid"); // CPUID.(EAX=7,ECX=0): structured extended feature flags
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36; // CPUID.7:EBX
						if((_t78 & 0x00000200) != 0) { // bit 9: ERMS (enhanced REP MOVSB/STOSB)
							 *0x1142e8c = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x114200c; // 0x6f  (bit mask of enabled instruction-set extensions)
					_t62 = _t61 | 0x00000002; // SSE2
					 *0x1142e88 = 1; // ISA level 1 = SSE2; IsProcessorFeaturePresent(PF_XMMI64_INSTRUCTIONS_AVAILABLE) was checked earlier (see APIs below)
					 *0x114200c = _t62;
					if((_t85 & 0x00100000) != 0) { // CPUID.1:ECX bit 20: SSE4.2
						_t63 = _t62 | 0x00000004;
						 *0x1142e88 = 2; // ISA level 2 = SSE4.2
						 *0x114200c = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) { // bit 27 OSXSAVE and bit 28 AVX (xgetbv faults without OSXSAVE)
							asm("xgetbv"); // XCR0: which register state the OS saves/restores
							_v24 = _t63; // EAX after xgetbv: low dword of XCR0
							_v20 = _t90; // EDX after xgetbv: high dword of XCR0
							_t104 = 6;
							if((_v24 & _t104) == _t104) { // XCR0 bits 1 and 2: XMM and YMM state enabled by the OS
								_t66 =  *0x114200c; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x1142e88 = 3; // ISA level 3 = AVX
								 *0x114200c = _t67;
								if((_t78 & 0x00000020) != 0) { // CPUID.7:EBX bit 5: AVX2
									 *0x1142e88 = 5; // ISA level 5 = AVX2
									 *0x114200c = _t67 | 0x00000020;
									// CPUID.7:EBX bits 16,17,28,30,31 (AVX512 F, DQ, CD, BW, VL) and XCR0 bits 5-7 (opmask, ZMM_Hi256, Hi16_ZMM)
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x114200c =  *0x114200c | 0x00000040;
										 *0x1142e88 = _t104; // ISA level 6 = AVX-512
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0; // CPUID.1:EAX family/model fields, stepping masked off
				// Intel Atom signatures (Bonnell 0x1C, Lincroft 0x26, Saltwell 0x27, Cloverview 0x35, Cedarview 0x36, Silvermont 0x37):
				// set favor bit 0 so the runtime prefers Atom-friendly code paths
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x1142e8c; // 0x2
					_t96 = _t99 | 0x00000001; // favor bit 0: Atom
					 *0x1142e8c = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}

Instruction address column for the listing above: 0x0111ca38 to 0x0111cc08 (per-statement addresses from the Joe Sandbox IDA plugin).

APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0111CA4E (0x0A = PF_XMMI64_INSTRUCTIONS_AVAILABLE, i.e. SSE2)
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
• Opcode ID: e163ee008a471700f6a05246cb290576b666f7ea8cae9cbd1414d930a066c329
• Instruction ID: cb38cea4bbe16862ee64ff8856d3cc5386ab2233ebfb30467a95e86d2f491b4b
• Opcode Fuzzy Hash: e163ee008a471700f6a05246cb290576b666f7ea8cae9cbd1414d930a066c329
• Instruction Fuzzy Hash: C7517EB6901215CBEB2DCF59E4857A9FBF1FB48750F24803AD555E7248D3B49980CF90
Uniqueness

Uniqueness Score: -1.00%
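The routine above reads CPUID leaves 0, 1 and 7 plus XCR0 and folds the results into three globals: an ISA level (*0x1142e88), a bit mask of enabled extensions (*0x114200c) and a "favor" word (*0x1142e8c). The shape matches the instruction-set detection that the Microsoft C runtime performs at process startup; that identification is the editor's reading, not something the report states. The block below is an added example written for this page, not code recovered from the sample or produced by Joe Sandbox. It reimplements the same decision logic in readable C so that each constant in the listing can be checked against a named CPUID bit; every identifier (classify_isa, classify_regs, FAVOR_ATOM, the struct names) is the editor's, and the sample register values used for offline checks are constructed. The live query in main() uses gcc/clang's <cpuid.h> and only compiles on x86. Whether or not this routine is what tripped the report's "executes special instruction" VM-detection signature, its cpuid/xgetbv use is plain feature detection: a hypervisor probe would instead test CPUID.1:ECX bit 31 or query the 0x40000000 leaf, neither of which appears here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };   /* one CPUID query */
struct cpu_snapshot {                                  /* everything the listing consumes */
    struct cpuid_regs leaf0;  /* EAX = max basic leaf; EBX,EDX,ECX = vendor string */
    struct cpuid_regs leaf1;  /* EAX = family/model signature; ECX = feature bits */
    struct cpuid_regs leaf7;  /* subleaf 0; EBX = structured extended feature bits */
    uint64_t xcr0;            /* XGETBV(0): register state the OS has enabled */
};
/* Same encoding as the three globals in the listing (field names are the editor's):
 * level <-> *0x1142e88, enabled <-> bits OR'ed into *0x114200c, favor <-> *0x1142e8c. */
struct isa_result { int level; uint32_t enabled; uint32_t favor; };
enum { ISA_SSE2 = 1, ISA_SSE42 = 2, ISA_AVX = 3, ISA_AVX2 = 5, ISA_AVX512 = 6 };
enum { FAVOR_ATOM = 1, FAVOR_ENH_FAST_STRINGS = 2 };
#define L1_ECX_SSE42   (1u << 20)  /* CPUID.1:ECX */
#define L1_ECX_OSXSAVE (1u << 27)
#define L1_ECX_AVX     (1u << 28)
#define L7_EBX_AVX2    (1u << 5)   /* CPUID.(7,0):EBX */
#define L7_EBX_ERMS    (1u << 9)   /* enhanced REP MOVSB/STOSB */
#define L7_EBX_AVX512  0xd0030000u /* AVX512 F|DQ|CD|BW|VL, the exact mask in the listing */
#define XCR0_SSE_AVX   0x06u       /* XMM and YMM_Hi128 state enabled by the OS */
#define XCR0_AVX512    0xe0u       /* opmask, ZMM_Hi256 and Hi16_ZMM state */

static int is_genuine_intel(const struct cpuid_regs *l0)
{   /* "GenuineIntel" arrives as EBX="Genu", EDX="ineI", ECX="ntel"; 0x6c65746e is "ntel" */
    return l0->ebx == 0x756e6547u && l0->edx == 0x49656e69u && l0->ecx == 0x6c65746eu;
}
static int is_atom_signature(uint32_t leaf1_eax)
{
    uint32_t sig = leaf1_eax & 0x0fff3ff0u;  /* keep family/model fields, drop stepping */
    return sig == 0x106c0u || sig == 0x20660u || sig == 0x20670u ||
           sig == 0x30650u || sig == 0x30660u || sig == 0x30670u;
}

struct isa_result classify_isa(const struct cpu_snapshot *s)
{
    struct isa_result r = { ISA_SSE2, 0x2u, 0 };  /* SSE2 was established before the listing starts */
    uint32_t l7_ebx = s->leaf0.eax >= 7 ? s->leaf7.ebx : 0;  /* leaf 7 only read when max leaf >= 7 */
    if (is_genuine_intel(&s->leaf0) && is_atom_signature(s->leaf1.eax))
        r.favor |= FAVOR_ATOM;                 /* vendor-gated, as in the listing */
    if (l7_ebx & L7_EBX_ERMS)
        r.favor |= FAVOR_ENH_FAST_STRINGS;
    if (!(s->leaf1.ecx & L1_ECX_SSE42))
        return r;
    r.level = ISA_SSE42; r.enabled |= 0x4u;

    /* AVX needs the CPU bits (AVX and OSXSAVE) plus YMM state enabled in XCR0; XGETBV
     * faults when OSXSAVE is clear, which is why bit 27 is tested before reading XCR0. */
    if ((s->leaf1.ecx & (L1_ECX_OSXSAVE | L1_ECX_AVX)) != (L1_ECX_OSXSAVE | L1_ECX_AVX) ||
        (s->xcr0 & XCR0_SSE_AVX) != XCR0_SSE_AVX)
        return r;
    r.level = ISA_AVX; r.enabled |= 0x8u;
    if (!(l7_ebx & L7_EBX_AVX2))
        return r;
    r.level = ISA_AVX2; r.enabled |= 0x20u;
    if ((l7_ebx & L7_EBX_AVX512) == L7_EBX_AVX512 && (s->xcr0 & XCR0_AVX512) == XCR0_AVX512) {
        r.level = ISA_AVX512; r.enabled |= 0x40u;
    }
    return r;
}

/* Classify constructed register values without executing CPUID (offline checks). */
struct isa_result classify_regs(uint32_t max_leaf, int intel, uint32_t sig,
                                uint32_t l1_ecx, uint32_t l7_ebx, uint64_t xcr0)
{
    struct cpu_snapshot s;
    memset(&s, 0, sizeof s);
    s.leaf0.eax = max_leaf;
    if (intel) { s.leaf0.ebx = 0x756e6547u; s.leaf0.edx = 0x49656e69u; s.leaf0.ecx = 0x6c65746eu; }
    s.leaf1.eax = sig; s.leaf1.ecx = l1_ecx; s.leaf7.ebx = l7_ebx; s.xcr0 = xcr0;
    return classify_isa(&s);
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>  /* gcc/clang; MSVC would use __cpuid/__cpuidex from <intrin.h> */
static uint64_t read_xcr0(void)
{
    uint32_t lo, hi;
    __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
    return ((uint64_t)hi << 32) | lo;
}
int main(void)
{
    struct cpu_snapshot s;
    memset(&s, 0, sizeof s);
    __cpuid(0, s.leaf0.eax, s.leaf0.ebx, s.leaf0.ecx, s.leaf0.edx);
    __cpuid(1, s.leaf1.eax, s.leaf1.ebx, s.leaf1.ecx, s.leaf1.edx);
    if (s.leaf0.eax >= 7)
        __cpuid_count(7, 0, s.leaf7.eax, s.leaf7.ebx, s.leaf7.ecx, s.leaf7.edx);
    if (s.leaf1.ecx & L1_ECX_OSXSAVE)   /* XGETBV would #UD without OSXSAVE */
        s.xcr0 = read_xcr0();
    struct isa_result r = classify_isa(&s);
    printf("isa level %d, enabled mask 0x%x, favor 0x%x\n", r.level, r.enabled, r.favor);
    return 0;
}
#else
int main(void) { puts("live CPUID query is only available on x86"); return 0; }
#endif
```

Two details worth noting when comparing against the listing: the Atom favor bit is only ever set for GenuineIntel parts (the vendor test comes first), and leaf 7 is consulted only when leaf 0 reports a maximum basic leaf of at least 7, so on an older CPU the ERMS and AVX2 branches are never reached even if the feature words happen to contain those bits. A sandbox that reports a low maximum leaf or clears YMM state in XCR0 will therefore make the process run with a lower ISA level, which is a legitimate source of behavioural differences between analysis and victim machines.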

C-Code - Quality: 100%
			E0112A648(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;
				intOrPtr _t16;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10)); // fs:[0x30] is the PEB on 32-bit Windows; PEB+0x10 = ProcessParameters
				_t16 =  *((intOrPtr*)(_t7 + 8)); // RTL_USER_PROCESS_PARAMETERS + 8 (Flags field)
				if( *((intOrPtr*)(_t7 + 8)) < 0) { // read as signed: a set high bit returns 1 without calling E011281D0
					L2:
					_t13 = 1;
				} else {
					E011281D0(_t16,  &_v8); // callee reports a status in _v8; only the value 1 yields a 0 return
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

Instruction addresses (report's per-line address column): 0x0112a655, 0x0112a657, 0x0112a65a, 0x0112a65d, 0x0112a660, 0x0112a671, 0x0112a673, 0x0112a662, 0x0112a666, 0x0112a66f, 0x00000000, 0x00000000, 0x0112a66f, 0x0112a678

Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 912de9c0302247284237633f4a30c18a768631efba1307f89ea8dd3ff2119131
• Instruction ID: 3b97b4c06296ebf9158c1607ba162099c6b63934ac51e6ea1c4a176d51c53ecc
• Opcode Fuzzy Hash: 912de9c0302247284237633f4a30c18a768631efba1307f89ea8dd3ff2119131
• Instruction Fuzzy Hash: F0E08C32921238EBCB28DB9CD90898AFBECEB84A04B110096F601D3610D370DE10C7D0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E01125B65(void* __ecx, void* __eflags) {

				/* PEB+0x68 is NtGlobalFlag on 32-bit Windows; (NtGlobalFlag >> 8) & 1 tests the 0x100 bit
				   (FLG_APPLICATION_VERIFIER). Returns 0 when E0112A648 reports 1 or that bit is set, 1 otherwise. */
				if(E0112A648(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}

Instruction addresses (report's per-line address column): 0x01125b6d, 0x01125b86, 0x01125b81, 0x01125b83, 0x01125b83

Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f8f3931f260c003c1f16bbff5d11be96731fff75a1821e290731b1cc4dae6ed5
• Instruction ID: 89746579c6c60a11e2fb426d204dac0d3659d24bbb7a5fc4abee0795d25972a7
• Opcode Fuzzy Hash: f8f3931f260c003c1f16bbff5d11be96731fff75a1821e290731b1cc4dae6ed5
• Instruction Fuzzy Hash: 69C08C34001AA04ECE3EC91882B43E43357E7D169EF80248CC5020FA42C71E9892DE40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 63%
			E0111E0A7(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E0111F00D(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					/* The call to E01126A4A is evidently non-returning: it is followed by int3 padding and a fresh
					   stack frame (_t336 = _t335 - 0x38). Everything from the int3 onward is the decompiler running
					   on into the next routine, not part of E0111E0A7. */
					_t202 = E01126A4A(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					/* 0x80000003 is STATUS_BREAKPOINT */
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E0111DD62(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
                                                                                                                                                              						if( *(_t203 + 8) != 0) {
                                                                                                                                                              							__imp__EncodePointer(0);
                                                                                                                                                              							_t319 = _t203;
                                                                                                                                                              							_t223 = E0111DD62(_t275, _t279, _t300, 0, _t319);
                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
                                                                                                                                                              							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
                                                                                                                                                              								__eflags =  *_t275 - 0xe0434f4d;
                                                                                                                                                              								if( *_t275 != 0xe0434f4d) {
                                                                                                                                                              									__eflags =  *_t275 - 0xe0434352;
                                                                                                                                                              									if( *_t275 != 0xe0434352) {
                                                                                                                                                              										_t215 = E0111D09B(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
                                                                                                                                                              										_t336 = _t336 + 0x1c;
                                                                                                                                                              										__eflags = _t215;
                                                                                                                                                              										if(_t215 != 0) {
                                                                                                                                                              											L83:
                                                                                                                                                              											return _t215;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              						_t204 = _a16;
                                                                                                                                                              						_v28 = _t204;
                                                                                                                                                              						_v24 = 0;
                                                                                                                                                              						__eflags =  *(_t204 + 0xc);
                                                                                                                                                              						if( *(_t204 + 0xc) > 0) {
                                                                                                                                                              							_push(_a24);
                                                                                                                                                              							E0111CFCE(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
                                                                                                                                                              							_t302 = _v40;
                                                                                                                                                              							_t337 = _t336 + 0x18;
                                                                                                                                                              							_t215 = _v44;
                                                                                                                                                              							_v20 = _t215;
                                                                                                                                                              							_v12 = _t302;
                                                                                                                                                              							__eflags = _t302 - _v32;
                                                                                                                                                              							if(_t302 >= _v32) {
                                                                                                                                                              								goto L83;
                                                                                                                                                              							}
                                                                                                                                                              							_t281 = _t302 * 0x14;
                                                                                                                                                              							__eflags = _t281;
                                                                                                                                                              							_v16 = _t281;
                                                                                                                                                              							do {
                                                                                                                                                              								_t282 = 5;
                                                                                                                                                              								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
                                                                                                                                                              								_t337 = _t337 + 0xc;
                                                                                                                                                              								__eflags = _v64 - _t218;
                                                                                                                                                              								if(_v64 > _t218) {
                                                                                                                                                              									goto L82;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags = _t218 - _v60;
                                                                                                                                                              								if(_t218 > _v60) {
                                                                                                                                                              									goto L82;
                                                                                                                                                              								}
                                                                                                                                                              								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
                                                                                                                                                              								_t287 = _t221[4];
                                                                                                                                                              								__eflags = _t287;
                                                                                                                                                              								if(_t287 == 0) {
                                                                                                                                                              									L80:
                                                                                                                                                              									__eflags =  *_t221 & 0x00000040;
                                                                                                                                                              									if(( *_t221 & 0x00000040) == 0) {
                                                                                                                                                              										_push(0);
                                                                                                                                                              										_push(1);
                                                                                                                                                              										E0111E027(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
                                                                                                                                                              										_t302 = _v12;
                                                                                                                                                              										_t337 = _t337 + 0x30;
                                                                                                                                                              									}
                                                                                                                                                              									goto L82;
                                                                                                                                                              								}
                                                                                                                                                              								__eflags =  *((char*)(_t287 + 8));
                                                                                                                                                              								if( *((char*)(_t287 + 8)) != 0) {
                                                                                                                                                              									goto L82;
                                                                                                                                                              								}
                                                                                                                                                              								goto L80;
                                                                                                                                                              								L82:
                                                                                                                                                              								_t302 = _t302 + 1;
                                                                                                                                                              								_t215 = _v20;
                                                                                                                                                              								_t281 = _v16 + 0x14;
                                                                                                                                                              								_v12 = _t302;
                                                                                                                                                              								_v16 = _t281;
                                                                                                                                                              								__eflags = _t302 - _v32;
                                                                                                                                                              							} while (_t302 < _v32);
                                                                                                                                                              							goto L83;
                                                                                                                                                              						}
                                                                                                                                                              						E01126A4A(_t275, _t279, _t300, 0, _t319);
                                                                                                                                                              						asm("int3");
                                                                                                                                                              						_push(_t332);
                                                                                                                                                              						_t301 = _v184;
                                                                                                                                                              						_push(_t275);
                                                                                                                                                              						_push(_t319);
                                                                                                                                                              						_push(0);
                                                                                                                                                              						_t206 = _t301[4];
                                                                                                                                                              						__eflags = _t206;
                                                                                                                                                              						if(_t206 == 0) {
                                                                                                                                                              							L108:
                                                                                                                                                              							_t208 = 1;
                                                                                                                                                              							__eflags = 1;
                                                                                                                                                              						} else {
                                                                                                                                                              							_t280 = _t206 + 8;
                                                                                                                                                              							__eflags =  *_t280;
                                                                                                                                                              							if( *_t280 == 0) {
                                                                                                                                                              								goto L108;
                                                                                                                                                              							} else {
                                                                                                                                                              								__eflags =  *_t301 & 0x00000080;
                                                                                                                                                              								_t308 = _v0;
                                                                                                                                                              								if(( *_t301 & 0x00000080) == 0) {
                                                                                                                                                              									L90:
                                                                                                                                                              									_t276 = _t308[4];
                                                                                                                                                              									_t321 = 0;
                                                                                                                                                              									__eflags = _t206 - _t276;
                                                                                                                                                              									if(_t206 == _t276) {
                                                                                                                                                              										L100:
                                                                                                                                                              										__eflags =  *_t308 & 0x00000002;
                                                                                                                                                              										if(( *_t308 & 0x00000002) == 0) {
                                                                                                                                                              											L102:
                                                                                                                                                              											_t209 = _a4;
                                                                                                                                                              											__eflags =  *_t209 & 0x00000001;
                                                                                                                                                              											if(( *_t209 & 0x00000001) == 0) {
                                                                                                                                                              												L104:
                                                                                                                                                              												__eflags =  *_t209 & 0x00000002;
                                                                                                                                                              												if(( *_t209 & 0x00000002) == 0) {
                                                                                                                                                              													L106:
                                                                                                                                                              													_t321 = 1;
                                                                                                                                                              													__eflags = 1;
                                                                                                                                                              												} else {
                                                                                                                                                              													__eflags =  *_t301 & 0x00000002;
                                                                                                                                                              													if(( *_t301 & 0x00000002) != 0) {
                                                                                                                                                              														goto L106;
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              											} else {
                                                                                                                                                              												__eflags =  *_t301 & 0x00000001;
                                                                                                                                                              												if(( *_t301 & 0x00000001) != 0) {
                                                                                                                                                              													goto L104;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              										} else {
                                                                                                                                                              											__eflags =  *_t301 & 0x00000008;
                                                                                                                                                              											if(( *_t301 & 0x00000008) != 0) {
                                                                                                                                                              												goto L102;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										_t208 = _t321;
                                                                                                                                                              									} else {
                                                                                                                                                              										_t185 = _t276 + 8; // 0x6e
                                                                                                                                                              										_t210 = _t185;
                                                                                                                                                              										while(1) {
                                                                                                                                                              											_t277 =  *_t280;
                                                                                                                                                              											__eflags = _t277 -  *_t210;
                                                                                                                                                              											if(_t277 !=  *_t210) {
                                                                                                                                                              												break;
                                                                                                                                                              											}
                                                                                                                                                              											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					// 0xE06D7363 is the Windows exception code used by the MSVC runtime for a C++ throw. With
					// NumberParameters (EXCEPTION_RECORD offset 0x10) == 3 and ExceptionInformation[0] (offset 0x14)
					// equal to one of the EH magic numbers 0x19930520 / 0x19930521 / 0x19930522, the record is a
					// compiler-generated C++ exception. The whole function matches the statically linked MSVC CRT
					// C++ exception dispatcher (FindHandler); that identification is inferred from the constants and
					// structure offsets below, it is not stated by the report.
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						// ExceptionInformation[2] (offset 0x1c) is the ThrowInfo pointer; NULL means a rethrow, so the
						// current exception and its context are fetched from per-thread data (E0111DD62 + 0x10 / + 0x14).
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E0111DD62(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E0111DD62(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E0111DD62(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E0111DD62(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E0111CFCE(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															// each try-block map entry is 0x14 (20) bytes; the loop below copies one entry
															// (5 dwords) into _v104 and checks that the current state lies in [tryLow, tryHigh]
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		// _v92 is the entry's catch count; ThrowInfo + 0xc is the catchable-type
																		// array (a count followed by pointers to the catchable types)
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				// four movsd copy one 16-byte catch-handler descriptor; L86 then
																				// tests every catchable type of the thrown object against it
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E0111E027(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
                                                                                                                                                              																				__eflags = _t298 - _v92;
                                                                                                                                                              																			} while (_t298 != _v92);
                                                                                                                                                              																			goto L43;
                                                                                                                                                              																		}
                                                                                                                                                              																	}
                                                                                                                                                              																}
                                                                                                                                                              																L44:
                                                                                                                                                              																_t300 = _t300 + 1;
                                                                                                                                                              																_t250 = _v44;
                                                                                                                                                              																_t294 = _v32 + 0x14;
                                                                                                                                                              																_v16 = _t300;
                                                                                                                                                              																_v32 = _t294;
                                                                                                                                                              																__eflags = _t300 - _v56;
                                                                                                                                                              															} while (_t300 < _v56);
                                                                                                                                                              															_t305 = _a20;
                                                                                                                                                              															_t319 = _a32;
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = _a24;
                                                                                                                                                              													if(__eflags != 0) {
                                                                                                                                                              														_push(1);
                                                                                                                                                              														E0111D406(_t274, _t305, _t319, __eflags);
                                                                                                                                                              														_t279 = _t274;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
                                                                                                                                                              													if(( *_t305 & 0x1fffffff) < 0x19930521) {
                                                                                                                                                              														L59:
                                                                                                                                                              														_t225 = E0111DD62(_t274, _t279, _t300, _t305, _t319);
                                                                                                                                                              														__eflags =  *(_t225 + 0x1c);
                                                                                                                                                              														if( *(_t225 + 0x1c) != 0) {
                                                                                                                                                              															goto L66;
                                                                                                                                                              														} else {
                                                                                                                                                              															goto L60;
                                                                                                                                                              														}
                                                                                                                                                              													} else {
                                                                                                                                                              														__eflags = _t305[7];
                                                                                                                                                              														if(_t305[7] != 0) {
                                                                                                                                                              															L52:
                                                                                                                                                              															_t229 = _t305[8] >> 2;
                                                                                                                                                              															__eflags = _t229 & 0x00000001;
                                                                                                                                                              															if((_t229 & 0x00000001) == 0) {
                                                                                                                                                              																_push(_t305[7]);
                                                                                                                                                              																_t230 = E0111EAB6(_t274, _t305, _t319, _t274);
                                                                                                                                                              																_pop(_t279);
                                                                                                                                                              																__eflags = _t230;
                                                                                                                                                              																if(_t230 == 0) {
                                                                                                                                                              																	goto L63;
                                                                                                                                                              																} else {
                                                                                                                                                              																	goto L59;
                                                                                                                                                              																}
                                                                                                                                                              															} else {
                                                                                                                                                              																 *(E0111DD62(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
                                                                                                                                                              																_t238 = E0111DD62(_t274, _t279, _t300, _t305, _t319);
                                                                                                                                                              																_t290 = _v8;
                                                                                                                                                              																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
                                                                                                                                                              																goto L61;
                                                                                                                                                              															}
                                                                                                                                                              														} else {
                                                                                                                                                              															_t245 = _t305[8] >> 2;
                                                                                                                                                              															__eflags = _t245 & 0x00000001;
                                                                                                                                                              															if((_t245 & 0x00000001) == 0) {
                                                                                                                                                              																goto L59;
                                                                                                                                                              															} else {
                                                                                                                                                              																__eflags = _a28;
                                                                                                                                                              																if(_a28 != 0) {
                                                                                                                                                              																	goto L59;
                                                                                                                                                              																} else {
                                                                                                                                                              																	goto L52;
                                                                                                                                                              																}
                                                                                                                                                              															}
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              												} else {
                                                                                                                                                              													__eflags = _t274[0x14] - 0x19930521;
                                                                                                                                                              													if(_t274[0x14] == 0x19930521) {
                                                                                                                                                              														goto L29;
                                                                                                                                                              													} else {
                                                                                                                                                              														__eflags = _t274[0x14] - 0x19930522;
                                                                                                                                                              														if(_t274[0x14] != 0x19930522) {
                                                                                                                                                              															goto L56;
                                                                                                                                                              														} else {
                                                                                                                                                              															goto L29;
                                                                                                                                                              														}
                                                                                                                                                              													}
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										_v16 =  *((intOrPtr*)(E0111DD62(_t274, _t279, _t300, _t305, _t319) + 0x1c));
                                                                                                                                                              										_t268 = E0111DD62(_t274, _t279, _t300, _t305, _t319);
                                                                                                                                                              										_push(_v16);
                                                                                                                                                              										 *(_t268 + 0x1c) = _t319;
                                                                                                                                                              										_t269 = E0111EAB6(_t274, _t305, _t319, _t274);
                                                                                                                                                              										_pop(_t290);
                                                                                                                                                              										if(_t269 != 0) {
                                                                                                                                                              											goto L23;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t305 = _v16;
                                                                                                                                                              											_t356 =  *_t305 - _t319;
                                                                                                                                                              											if( *_t305 <= _t319) {
                                                                                                                                                              												L61:
                                                                                                                                                              												E011269AF(_t274, _t290, _t300, _t305, _t319, __eflags);
                                                                                                                                                              											} else {
                                                                                                                                                              												while(1) {
                                                                                                                                                              													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
                                                                                                                                                              													if(E0111E74A( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x1142984) != 0) {
                                                                                                                                                              														goto L62;
                                                                                                                                                              													}
                                                                                                                                                              													_t319 = _t319 + 0x10;
                                                                                                                                                              													_t273 = _v20 + 1;
                                                                                                                                                              													_v20 = _t273;
                                                                                                                                                              													_t356 = _t273 -  *_t305;
                                                                                                                                                              													if(_t273 >=  *_t305) {
                                                                                                                                                              														goto L61;
                                                                                                                                                              													} else {
                                                                                                                                                              														continue;
                                                                                                                                                              													}
                                                                                                                                                              													goto L62;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											L62:
                                                                                                                                                              											_push(1);
                                                                                                                                                              											_push(_t274);
                                                                                                                                                              											E0111D406(_t274, _t305, _t319, __eflags);
                                                                                                                                                              											_t279 =  &_v64;
                                                                                                                                                              											E0111E732( &_v64);
                                                                                                                                                              											E0111D96B( &_v64, 0x1140b9c);
                                                                                                                                                              											L63:
                                                                                                                                                              											 *(E0111DD62(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
                                                                                                                                                              											_t232 = E0111DD62(_t274, _t279, _t300, _t305, _t319);
                                                                                                                                                              											_t279 = _v8;
                                                                                                                                                              											 *(_t232 + 0x14) = _v8;
                                                                                                                                                              											__eflags = _t319;
                                                                                                                                                              											if(_t319 == 0) {
                                                                                                                                                              												_t319 = _a8;
                                                                                                                                                              											}
                                                                                                                                                              											E0111D1C1(_t279, _t319, _t274);
                                                                                                                                                              											E0111E9B6(_a8, _a16, _t305);
                                                                                                                                                              											_t235 = E0111EB73(_t305);
                                                                                                                                                              											_t335 = _t335 + 0x10;
                                                                                                                                                              											_push(_t235);
                                                                                                                                                              											E0111E92D(_t274, _t279, _t300, _t305, _t319, __eflags);
                                                                                                                                                              											goto L66;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}
                                                                                                                                                              0x0111e467
                                                                                                                                                              0x0111e468
                                                                                                                                                              0x0111e469
                                                                                                                                                              0x0111e470
                                                                                                                                                              0x0111e473
                                                                                                                                                              0x0111e476
                                                                                                                                                              0x0111e47c
                                                                                                                                                              0x0111e47e
                                                                                                                                                              0x0111e483
                                                                                                                                                              0x0111e486
                                                                                                                                                              0x0111e488
                                                                                                                                                              0x0111e48e
                                                                                                                                                              0x0111e490
                                                                                                                                                              0x0111e496
                                                                                                                                                              0x0111e4ab
                                                                                                                                                              0x0111e4b0
                                                                                                                                                              0x0111e4b3
                                                                                                                                                              0x0111e4b5
                                                                                                                                                              0x0111e57c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e57d
                                                                                                                                                              0x0111e4b5
                                                                                                                                                              0x0111e496
                                                                                                                                                              0x0111e48e
                                                                                                                                                              0x0111e486
                                                                                                                                                              0x0111e4bb
                                                                                                                                                              0x0111e4be
                                                                                                                                                              0x0111e4c1
                                                                                                                                                              0x0111e4c4
                                                                                                                                                              0x0111e4c7
                                                                                                                                                              0x0111e4cd
                                                                                                                                                              0x0111e4df
                                                                                                                                                              0x0111e4e4
                                                                                                                                                              0x0111e4e7
                                                                                                                                                              0x0111e4ea
                                                                                                                                                              0x0111e4ed
                                                                                                                                                              0x0111e4f0
                                                                                                                                                              0x0111e4f3
                                                                                                                                                              0x0111e4f6
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e4fc
                                                                                                                                                              0x0111e4fc
                                                                                                                                                              0x0111e4ff
                                                                                                                                                              0x0111e502
                                                                                                                                                              0x0111e511
                                                                                                                                                              0x0111e512
                                                                                                                                                              0x0111e512
                                                                                                                                                              0x0111e514
                                                                                                                                                              0x0111e517
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e519
                                                                                                                                                              0x0111e51c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e52a
                                                                                                                                                              0x0111e52c
                                                                                                                                                              0x0111e52f
                                                                                                                                                              0x0111e531
                                                                                                                                                              0x0111e539
                                                                                                                                                              0x0111e539
                                                                                                                                                              0x0111e53c
                                                                                                                                                              0x0111e53e
                                                                                                                                                              0x0111e540
                                                                                                                                                              0x0111e55c
                                                                                                                                                              0x0111e561
                                                                                                                                                              0x0111e564
                                                                                                                                                              0x0111e564
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e53c
                                                                                                                                                              0x0111e533
                                                                                                                                                              0x0111e537
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e567
                                                                                                                                                              0x0111e56a
                                                                                                                                                              0x0111e56b
                                                                                                                                                              0x0111e56e
                                                                                                                                                              0x0111e571
                                                                                                                                                              0x0111e574
                                                                                                                                                              0x0111e577
                                                                                                                                                              0x0111e577
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e502
                                                                                                                                                              0x0111e581
                                                                                                                                                              0x0111e586
                                                                                                                                                              0x0111e587
                                                                                                                                                              0x0111e58a
                                                                                                                                                              0x0111e58d
                                                                                                                                                              0x0111e58e
                                                                                                                                                              0x0111e58f
                                                                                                                                                              0x0111e590
                                                                                                                                                              0x0111e593
                                                                                                                                                              0x0111e595
                                                                                                                                                              0x0111e60d
                                                                                                                                                              0x0111e60f
                                                                                                                                                              0x0111e60f
                                                                                                                                                              0x0111e597
                                                                                                                                                              0x0111e597
                                                                                                                                                              0x0111e59a
                                                                                                                                                              0x0111e59d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e59f
                                                                                                                                                              0x0111e59f
                                                                                                                                                              0x0111e5a2
                                                                                                                                                              0x0111e5a5
                                                                                                                                                              0x0111e5ac
                                                                                                                                                              0x0111e5ac
                                                                                                                                                              0x0111e5af
                                                                                                                                                              0x0111e5b1
                                                                                                                                                              0x0111e5b3
                                                                                                                                                              0x0111e5e5
                                                                                                                                                              0x0111e5e5
                                                                                                                                                              0x0111e5e8
                                                                                                                                                              0x0111e5ef
                                                                                                                                                              0x0111e5ef
                                                                                                                                                              0x0111e5f2
                                                                                                                                                              0x0111e5f5
                                                                                                                                                              0x0111e5fc
                                                                                                                                                              0x0111e5fc
                                                                                                                                                              0x0111e5ff
                                                                                                                                                              0x0111e606
                                                                                                                                                              0x0111e608
                                                                                                                                                              0x0111e608
                                                                                                                                                              0x0111e601
                                                                                                                                                              0x0111e601
                                                                                                                                                              0x0111e604
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e604
                                                                                                                                                              0x0111e5f7
                                                                                                                                                              0x0111e5f7
                                                                                                                                                              0x0111e5fa
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e5fa
                                                                                                                                                              0x0111e5ea
                                                                                                                                                              0x0111e5ea
                                                                                                                                                              0x0111e5ed
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e5ed
                                                                                                                                                              0x0111e609
                                                                                                                                                              0x0111e5b5
                                                                                                                                                              0x0111e5b5
                                                                                                                                                              0x0111e5b5
                                                                                                                                                              0x0111e5b8
                                                                                                                                                              0x0111e5b8
                                                                                                                                                              0x0111e5ba
                                                                                                                                                              0x0111e5bc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e5be
                                                                                                                                                              0x0111e5c0
                                                                                                                                                              0x0111e5d4
                                                                                                                                                              0x0111e5d4
                                                                                                                                                              0x0111e5c2
                                                                                                                                                              0x0111e5c2
                                                                                                                                                              0x0111e5c5
                                                                                                                                                              0x0111e5c8
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e5ca
                                                                                                                                                              0x0111e5ca
                                                                                                                                                              0x0111e5cd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e36e
                                                                                                                                                              0x0111e36e
                                                                                                                                                              0x0111e372
                                                                                                                                                              0x0111e384
                                                                                                                                                              0x0111e387
                                                                                                                                                              0x0111e38a
                                                                                                                                                              0x0111e38c
                                                                                                                                                              0x0111e3a3
                                                                                                                                                              0x0111e3a7
                                                                                                                                                              0x0111e3ad
                                                                                                                                                              0x0111e3ae
                                                                                                                                                              0x0111e3b0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e3b2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e3b2
                                                                                                                                                              0x0111e38e
                                                                                                                                                              0x0111e393
                                                                                                                                                              0x0111e396
                                                                                                                                                              0x0111e39b
                                                                                                                                                              0x0111e39e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e39e
                                                                                                                                                              0x0111e374
                                                                                                                                                              0x0111e377
                                                                                                                                                              0x0111e37a
                                                                                                                                                              0x0111e37c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e37e
                                                                                                                                                              0x0111e37e
                                                                                                                                                              0x0111e382
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e382
                                                                                                                                                              0x0111e37c
                                                                                                                                                              0x0111e372
                                                                                                                                                              0x0111e21c
                                                                                                                                                              0x0111e21c
                                                                                                                                                              0x0111e223
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e225
                                                                                                                                                              0x0111e225
                                                                                                                                                              0x0111e22c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e22c
                                                                                                                                                              0x0111e223
                                                                                                                                                              0x0111e21a
                                                                                                                                                              0x0111e20d
                                                                                                                                                              0x0111e18d
                                                                                                                                                              0x0111e195
                                                                                                                                                              0x0111e198
                                                                                                                                                              0x0111e19d
                                                                                                                                                              0x0111e1a1
                                                                                                                                                              0x0111e1a4
                                                                                                                                                              0x0111e1aa
                                                                                                                                                              0x0111e1ad
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1af
                                                                                                                                                              0x0111e1af
                                                                                                                                                              0x0111e1b2
                                                                                                                                                              0x0111e1b4
                                                                                                                                                              0x0111e3ea
                                                                                                                                                              0x0111e3ea
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1ba
                                                                                                                                                              0x0111e1c2
                                                                                                                                                              0x0111e1cd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1d6
                                                                                                                                                              0x0111e1d9
                                                                                                                                                              0x0111e1da
                                                                                                                                                              0x0111e1dd
                                                                                                                                                              0x0111e1df
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1e5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e1df
                                                                                                                                                              0x0111e1ba
                                                                                                                                                              0x0111e3ef
                                                                                                                                                              0x0111e3ef
                                                                                                                                                              0x0111e3f1
                                                                                                                                                              0x0111e3f2
                                                                                                                                                              0x0111e3f9
                                                                                                                                                              0x0111e3fc
                                                                                                                                                              0x0111e40a
                                                                                                                                                              0x0111e40f
                                                                                                                                                              0x0111e414
                                                                                                                                                              0x0111e417
                                                                                                                                                              0x0111e41c
                                                                                                                                                              0x0111e41f
                                                                                                                                                              0x0111e422
                                                                                                                                                              0x0111e424
                                                                                                                                                              0x0111e426
                                                                                                                                                              0x0111e426
                                                                                                                                                              0x0111e42b
                                                                                                                                                              0x0111e437
                                                                                                                                                              0x0111e43d
                                                                                                                                                              0x0111e442
                                                                                                                                                              0x0111e445
                                                                                                                                                              0x0111e446
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111e446
                                                                                                                                                              0x0111e1ad
                                                                                                                                                              0x0111e18b
                                                                                                                                                              0x0111e14b
                                                                                                                                                              0x0111e12c
                                                                                                                                                              0x0111e11e
                                                                                                                                                              0x0111e0ea

APIs
• IsInExceptionSpec.LIBVCRUNTIME ref: 0111E1A4
• type_info::operator==.LIBVCRUNTIME ref: 0111E1C6
• ___TypeMatch.LIBVCRUNTIME ref: 0111E2D5
• CatchIt.LIBVCRUNTIME ref: 0111E326
• IsInExceptionSpec.LIBVCRUNTIME ref: 0111E3A7
• _UnwindNestedFrames.LIBCMT ref: 0111E42B
• CallUnexpected.LIBVCRUNTIME ref: 0111E446
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
• String ID: csm$csm$csm
• API String ID: 4234981820-393685449
• Opcode ID: 4ece5a44667bfa93f27a34d6563a9db8d94e0c780d33648209d8482960525ebd
• Instruction ID: 155a722636252cc452415ca255f24084bf772325de9284a065ffe4b1032ddc7d
• Opcode Fuzzy Hash: 4ece5a44667bfa93f27a34d6563a9db8d94e0c780d33648209d8482960525ebd
• Instruction Fuzzy Hash: 65B1577180221AEFCF2EDFE8D8809AEFBB5BF14314B14416AEC116B259D731DA51CB91
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 69%
                                                                                                                                                              			E010E4030(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				void* _v8;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v44;
                                                                                                                                                              				char _v48;
                                                                                                                                                              				signed int _v52;
                                                                                                                                                              				char _v53;
                                                                                                                                                              				void* _v60;
                                                                                                                                                              				void* _v64;
                                                                                                                                                              				intOrPtr* _v68;
                                                                                                                                                              				void* _v72;
                                                                                                                                                              				void* _v76;
                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				intOrPtr _v92;
                                                                                                                                                              				void* _v96;
                                                                                                                                                              				signed int _t86;
                                                                                                                                                              				signed int _t87;
                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                              				void* _t94;
                                                                                                                                                              				intOrPtr _t98;
                                                                                                                                                              				intOrPtr _t106;
                                                                                                                                                              				signed int _t164;
                                                                                                                                                              
                                                                                                                                                              				_t163 = __esi;
                                                                                                                                                              				_t162 = __edi;
                                                                                                                                                              				_t120 = __ebx;
                                                                                                                                                              				_t86 =  *0x1142008; // 0x90716b2b
                                                                                                                                                              				_t87 = _t86 ^ _t164;
                                                                                                                                                              				_v20 = _t87;
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_v52 = 0;
                                                                                                                                                              				E010E1810( &_v44, 0x113cb4a);
                                                                                                                                                              				_v8 = 0;
                                                                                                                                                              				_v48 = 0;
                                                                                                                                                              				_v96 = 0;
                                                                                                                                                              				_v72 = 0;
                                                                                                                                                              				_v60 = 0;
                                                                                                                                                              				_v64 = 0;
                                                                                                                                                              				_v72 = LocalAlloc(0x40, 0x1c);
                                                                                                                                                              				 *_v72 = 0x1c;
                                                                                                                                                              				_t92 = _a8;
                                                                                                                                                              				__imp__SetupDiEnumDeviceInfo(_t92, _a12, _v72, _t87,  *[fs:0x0], 0x1134aad, 0xffffffff);
                                                                                                                                                              				if(_t92 != 0) {
                                                                                                                                                              					_v60 = LocalAlloc(0x40, 0x1c);
                                                                                                                                                              					 *_v60 = 0x1c;
                                                                                                                                                              					_t94 = _v60;
                                                                                                                                                              					__imp__SetupDiEnumDeviceInterfaces(_a8, 0, 0x1137210, _a12, _t94);
                                                                                                                                                              					if(_t94 != 0) {
                                                                                                                                                              						__imp__SetupDiGetDeviceInterfaceDetailA(_a8, _v60, 0, 0,  &_v48, 0);
                                                                                                                                                              						_v64 = E011253AD();
                                                                                                                                                              						 *_v64 = 5;
                                                                                                                                                              						_t157 = _v60;
                                                                                                                                                              						_t98 = _a8;
                                                                                                                                                              						__imp__SetupDiGetDeviceInterfaceDetailA(_t98, _v60, _v64, _v48, 0, 0, _v48);
                                                                                                                                                              						if(_t98 != 0) {
                                                                                                                                                              							_v76 = _v64 + 4;
                                                                                                                                                              							_v68 = _v76;
                                                                                                                                                              							_v80 = _v68 + 1;
                                                                                                                                                              							do {
                                                                                                                                                              								_v53 =  *_v68;
                                                                                                                                                              								_v68 = _v68 + 1;
                                                                                                                                                              							} while (_v53 != 0);
                                                                                                                                                              							_v84 = _v68 - _v80;
                                                                                                                                                              							_v88 = _v84;
                                                                                                                                                              							_v92 = _v88;
                                                                                                                                                              							_t157 = _v76;
                                                                                                                                                              							E010E1C50(__ebx,  &_v44, __edi, __esi, _v76, _v92);
                                                                                                                                                              							if(_v72 != 0) {
                                                                                                                                                              								LocalFree(_v72);
                                                                                                                                                              							}
                                                                                                                                                              							if(_v60 != 0) {
                                                                                                                                                              								LocalFree(_v60);
                                                                                                                                                              							}
                                                                                                                                                              							if(_v64 != 0) {
                                                                                                                                                              								_t157 = _v64;
                                                                                                                                                              								LocalFree(_v64);
                                                                                                                                                              							}
                                                                                                                                                              							E010E1790(_a4,  &_v44);
                                                                                                                                                              							_v52 = _v52 | 0x00000001;
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E010E1AB0( &_v44);
                                                                                                                                                              							_t106 = _a4;
                                                                                                                                                              						} else {
                                                                                                                                                              							E010E1810(_a4, 0x113cb4d);
                                                                                                                                                              							_v52 = _v52 | 0x00000001;
                                                                                                                                                              							_v8 = 0xffffffff;
                                                                                                                                                              							E010E1AB0( &_v44);
                                                                                                                                                              							_t106 = _a4;
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						E010E1810(_a4, 0x113cb4c);
                                                                                                                                                              						_v52 = _v52 | 0x00000001;
                                                                                                                                                              						_v8 = 0xffffffff;
                                                                                                                                                              						E010E1AB0( &_v44);
                                                                                                                                                              						_t106 = _a4;
                                                                                                                                                              					}
                                                                                                                                                              				} else {
                                                                                                                                                              					E010E1810(_a4, 0x113cb4b);
                                                                                                                                                              					_v52 = _v52 | 0x00000001;
                                                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                                                              					E010E1AB0( &_v44);
                                                                                                                                                              					_t106 = _a4;
                                                                                                                                                              				}
                                                                                                                                                              				 *[fs:0x0] = _v16;
                                                                                                                                                              				return E0111C2E8(_t106, _t120, _v20 ^ _t164, _t157, _t162, _t163);
                                                                                                                                                              			}
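Analyst note added to this listing (not Joe Sandbox output): the function receives an HDEVINFO set in _a8 and an index in _a12, LocalAlloc's a 0x1c-byte SP_DEVINFO_DATA and a 0x1c-byte SP_DEVICE_INTERFACE_DATA with cbSize filled in, calls SetupDiEnumDeviceInfo, then SetupDiEnumDeviceInterfaces with DeviceInfoData set to NULL and an interface GUID at 0x1137210 (its value is not shown on this page), asks SetupDiGetDeviceInterfaceDetailA for the required size, allocates that much through E011253AD, writes cbSize = 5 (the x86 size of SP_DEVICE_INTERFACE_DETAIL_DATA_A, so this is a 32-bit build), and walks the NUL-terminated DevicePath at offset 4 before handing pointer and length to E010E1C50 and E010E1790, which behave like a string assign and copy into the object returned through _a4. All four failure branches initialise that object from 0x113cb4a..0x113cb4d, addresses one byte apart, consistent with empty strings. The C below is an added example, not the sample's code: a readable re-implementation of the same call sequence (Windows only, guarded by _WIN32) plus a portable parser for the raw detail buffer that keeps the sample's offset-4 walk but adds the bounds checks the sample lacks. The device interface GUID (GUID_DEVINTERFACE_DISK) and the embedded sample buffer are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86 layout of SP_DEVICE_INTERFACE_DETAIL_DATA_A that the decompiled code hard-codes:
 * cbSize == 5 and DevicePath at offset 4 (on x64 cbSize would be 8, so this is a 32-bit build). */
#define DETAIL_CBSIZE_X86  5u
#define DETAIL_PATH_OFFSET 4u

/* Constructed buffer (not captured from the sample): one filled detail struct as it sits in memory. */
const uint8_t SAMPLE_DETAIL_BUF[] = { 5, 0, 0, 0,
    '\\', '\\', '?', '\\', 's', 'c', 's', 'i', '#', 'd', 'i', 's', 'k', 0 };
const size_t SAMPLE_DETAIL_BUF_LEN = sizeof SAMPLE_DETAIL_BUF;

/* The sample's strlen walk over _v64 + 4, with the bounds checks it omits. Returns the path
 * length, or (size_t)-1 if cbSize is not the x86 value, the buffer is short, or no NUL is found. */
size_t detail_buffer_device_path(const uint8_t *buf, size_t buf_len, char *out, size_t out_len)
{
    uint32_t cb;
    const uint8_t *p;
    size_t max, n, copy;
    if (buf == NULL || buf_len < DETAIL_PATH_OFFSET + 1)
        return (size_t)-1;
    memcpy(&cb, buf, sizeof cb);
    if (cb != DETAIL_CBSIZE_X86)
        return (size_t)-1;
    p = buf + DETAIL_PATH_OFFSET;
    max = buf_len - DETAIL_PATH_OFFSET;
    for (n = 0; n < max && p[n] != 0; n++)
        ;
    if (n == max)
        return (size_t)-1;                      /* unterminated path */
    if (out != NULL && out_len != 0) {
        copy = n < out_len - 1 ? n : out_len - 1;
        memcpy(out, p, copy);
        out[copy] = 0;
    }
    return n;
}

#ifdef _WIN32
#include <windows.h>
#include <setupapi.h>
#pragma comment(lib, "setupapi.lib")            /* MinGW: link with -lsetupapi */
/* Same call sequence as the decompiled function, sample behaviour kept: DeviceInfoData is
 * NULL in SetupDiEnumDeviceInterfaces, so index picks the index-th interface of the whole
 * set, not an interface of the device just enumerated. Returns a malloc'd path or NULL. */
char *device_interface_path(HDEVINFO set, const GUID *guid, DWORD index)
{
    SP_DEVINFO_DATA dev;
    SP_DEVICE_INTERFACE_DATA ifc;
    PSP_DEVICE_INTERFACE_DETAIL_DATA_A detail;
    DWORD need = 0;
    char *path = NULL;
    memset(&dev, 0, sizeof dev);
    dev.cbSize = sizeof dev;                    /* 0x1c on x86, as the sample writes */
    if (!SetupDiEnumDeviceInfo(set, index, &dev))
        return NULL;
    memset(&ifc, 0, sizeof ifc);
    ifc.cbSize = sizeof ifc;                    /* 0x1c on x86 */
    if (!SetupDiEnumDeviceInterfaces(set, NULL, guid, index, &ifc))
        return NULL;
    SetupDiGetDeviceInterfaceDetailA(set, &ifc, NULL, 0, &need, NULL);   /* size query */
    if (need == 0 || (detail = (PSP_DEVICE_INTERFACE_DETAIL_DATA_A)malloc(need)) == NULL)
        return NULL;
    detail->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_A);       /* 5 on x86 */
    if (SetupDiGetDeviceInterfaceDetailA(set, &ifc, detail, need, NULL, NULL))
        path = _strdup(detail->DevicePath);
    free(detail);
    return path;
}
#endif

int main(void)
{
#ifdef _WIN32
    /* The GUID the sample passes lives at 0x1137210 and is not shown on this page;
     * GUID_DEVINTERFACE_DISK is an assumption made for this demo. */
    static const GUID disk_guid =
        { 0x53f56307, 0xb6bf, 0x11d0, { 0x94, 0xf2, 0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b } };
    HDEVINFO set = SetupDiGetClassDevsA(&disk_guid, NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
    if (set == INVALID_HANDLE_VALUE)
        return 1;
    for (DWORD i = 0; ; i++) {
        char *p = device_interface_path(set, &disk_guid, i);
        if (p == NULL)
            break;
        printf("%lu: %s\n", (unsigned long)i, p);
        free(p);
    }
    SetupDiDestroyDeviceInfoList(set);
#else
    char out[128];
    if (detail_buffer_device_path(SAMPLE_DETAIL_BUF, SAMPLE_DETAIL_BUF_LEN, out, sizeof out) != (size_t)-1)
        printf("DevicePath: %s\n", out);
#endif
    return 0;
}
```

Build on Windows with `cl /W4 example.c` or `gcc example.c -lsetupapi` and run it in the analysis VM to see the interface paths the sample would have collected at each index; on any other platform only the buffer parser runs. Note that because the sample passes NULL as DeviceInfoData and reuses the device index as the interface index, the path it stores for index N belongs to the N-th interface of the set, which is only the same device when every device exposes exactly one interface for that GUID.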

Instruction addresses for the listing above (the per-line address column of the original side-by-side layout): 0x010e4030 to 0x010e4288.

APIs
• LocalAlloc.KERNEL32(00000040,0000001C), ref: 010E409A
• SetupDiEnumDeviceInfo.SETUPAPI(?,?,00000000), ref: 010E40B8
• LocalAlloc.KERNEL32(00000040,0000001C), ref: 010E40F3
• SetupDiEnumDeviceInterfaces.SETUPAPI(?,00000000,01137210,?,00000000), ref: 010E4118
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AllocDeviceEnumLocalSetup$InfoInterfaces
• String ID:
• API String ID: 1562706109-0
• Opcode ID: 402bf2cbbc3b800a4ef75518d3f8672b43c6e984d56464999042c6e8421cafda
• Instruction ID: 8f2994d547ad51d8b733dee48262498be6ee165c205a9cd318229054bb44b295
• Opcode Fuzzy Hash: 402bf2cbbc3b800a4ef75518d3f8672b43c6e984d56464999042c6e8421cafda
• Instruction Fuzzy Hash: D371F7B1A00208EFDB18DF99D899BDEBBF5FF48710F108219F555AB284DB70A945CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%
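The decompiled routine listed under "C-Code" below walks a table with a 16-byte header and 12-byte entries indexed as (level + (level + 2) * 2) * 4, decodes the table pointer by XORing it with the dword at 0x1142008, stops at level 0xfffffffe and special-cases exception code 0xe06d7363. That is the layout and control flow of the MSVC CRT's `_except_handler4` scope-table search, so the function is runtime boilerplate rather than sample-specific logic. The Python below is an added illustration and is not part of the Joe Sandbox report or the analysed sample: it parses a constructed SEH4 scope table and replays the search-pass decisions (filter returns -1, 0 or 1, with filter-less `__finally` scopes skipped) so the decompiled loop can be checked against the expected CRT behaviour. The cookie value 0xBB40E64E is MSVC's default `__security_cookie`; the table address 0x01137000, the filter/handler addresses and the filter verdicts are made up for the example.

```python
"""Replay the MSVC _except_handler4 (SEH4) scope-table search on a constructed
table.  Added example for reading the decompiled dispatch loop; no real binary
is parsed here."""
import struct
from dataclasses import dataclass

# Constants from the MSVC CRT's SEH4 implementation.
EH4_TRYLEVEL_NONE = -2          # 0xFFFFFFFE in the decompiled loop
EH4_HEADER_SIZE = 16            # GS/EH cookie offsets, four dwords
EH4_ENTRY_SIZE = 12             # EnclosingLevel, FilterFunc, HandlerFunc
EXCEPTION_UNWIND = 0x66         # the "& 0x66" test on ExceptionFlags
MSVC_CXX_EXCEPTION = 0xE06D7363 # C++ throw; destructor hook checked before unwinding

# Filter return values and handler dispositions.
EXCEPTION_CONTINUE_EXECUTION, EXCEPTION_CONTINUE_SEARCH, EXCEPTION_EXECUTE_HANDLER = -1, 0, 1


@dataclass(frozen=True)
class ScopeEntry:
    enclosing_level: int
    filter_func: int    # 0 means a __finally scope (no filter)
    handler_func: int


def decode_scope_table_ptr(encoded_ptr: int, security_cookie: int) -> int:
    """The registration record stores ScopeTable XOR __security_cookie,
    the `*(frame + 8) ^ *0x1142008` line in the decompiled routine."""
    return (encoded_ptr ^ security_cookie) & 0xFFFFFFFF


def entry_offset(level: int) -> int:
    """Byte offset of entry `level`, written the way the decompiler emitted it:
    (level + (level + 2) * 2) * 4, which equals 16 + 12 * level."""
    return (level + (level + 2) * 2) * 4


def parse_scope_table(blob: bytes) -> list:
    """Parse the 16-byte header followed by 12-byte entries.  Real tables are
    not length-prefixed; in this example the blob ends with the last entry."""
    entries = []
    for off in range(EH4_HEADER_SIZE, len(blob) - EH4_ENTRY_SIZE + 1, EH4_ENTRY_SIZE):
        enclosing, filt, handler = struct.unpack_from("<iII", blob, off)
        entries.append(ScopeEntry(enclosing, filt, handler))
    return entries


def dispatch(entries, trylevel, exception_flags, filter_results):
    """Decide what _except_handler4 does for a frame whose current trylevel is
    `trylevel`.  `filter_results` maps filter address -> value the filter returns
    (a constructed stand-in for calling it).  Returns one of
    ("continue_search", None), ("continue_execution", None) or
    ("handler", matched_level, new_frame_trylevel)."""
    if exception_flags & EXCEPTION_UNWIND:
        # Unwind pass: __finally blocks run via local unwind, then keep searching.
        return ("continue_search", None)
    level = trylevel
    while level != EH4_TRYLEVEL_NONE:
        entry = entries[level]
        if entry.filter_func == 0:
            # __finally scope: no filter, skipped during the search pass.
            level = entry.enclosing_level
            continue
        verdict = filter_results.get(entry.filter_func, EXCEPTION_CONTINUE_SEARCH)
        if verdict < 0:
            return ("continue_execution", None)        # disposition 0
        if verdict > 0:
            # Global unwind, local unwind down to this level, then the frame's
            # trylevel becomes EnclosingLevel and control transfers to the handler.
            return ("handler", level, entry.enclosing_level)
        level = entry.enclosing_level
    return ("continue_search", None)                  # disposition 1


SECURITY_COOKIE = 0xBB40E64E    # MSVC's default __security_cookie constant
SCOPE_TABLE_VA = 0x01137000     # hypothetical address of the table

# Constructed table: level 0 is a __finally, levels 1 and 2 are nested __try/__except.
SAMPLE_TABLE = struct.pack("<iiii", -4, 0, -8, 0) + b"".join(
    struct.pack("<iII", enc, f, h)
    for enc, f, h in [(-2, 0, 0x01101000), (0, 0x01102000, 0x01102100), (1, 0x01103000, 0x01103100)]
)
# Constructed verdicts: the innermost filter declines, the middle one accepts.
SAMPLE_FILTER_RESULTS = {0x01103000: EXCEPTION_CONTINUE_SEARCH, 0x01102000: EXCEPTION_EXECUTE_HANDLER}


def run_sample():
    encoded = SCOPE_TABLE_VA ^ SECURITY_COOKIE
    assert decode_scope_table_ptr(encoded, SECURITY_COOKIE) == SCOPE_TABLE_VA
    entries = parse_scope_table(SAMPLE_TABLE)
    return dispatch(entries, 2, 0, SAMPLE_FILTER_RESULTS)


if __name__ == "__main__":
    print(run_sample())  # ('handler', 1, 0)
```

Reading the decompiled loop with this model: a filter result below zero returns disposition 0 from the handler, zero moves to the enclosing level, and a positive result goes through global and local unwind before the call that never returns (hence the int3 padding that follows it).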

                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E0111DA50(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                              				char _v5;
                                                                                                                                                              				signed int _v12;
                                                                                                                                                              				char _v16;
                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                              				signed int _v32;
                                                                                                                                                              				signed char _v36;
                                                                                                                                                              				void* _v40;
                                                                                                                                                              				signed int _t77;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                              				void* _t86;
                                                                                                                                                              				intOrPtr* _t87;
                                                                                                                                                              				intOrPtr _t89;
                                                                                                                                                              				signed int _t91;
                                                                                                                                                              				int _t93;
                                                                                                                                                              				signed int _t98;
                                                                                                                                                              				intOrPtr* _t102;
                                                                                                                                                              				intOrPtr _t103;
                                                                                                                                                              				signed int _t107;
                                                                                                                                                              				char _t109;
                                                                                                                                                              				signed int _t113;
                                                                                                                                                              				void* _t114;
                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                              				void* _t125;
                                                                                                                                                              				intOrPtr _t133;
                                                                                                                                                              				signed int _t135;
                                                                                                                                                              				void* _t139;
                                                                                                                                                              				void* _t141;
                                                                                                                                                              				void* _t149;
                                                                                                                                                              
                                                                                                                                                              				_t118 = __edx;
                                                                                                                                                              				_t102 = _a4;
                                                                                                                                                              				_push(__edi);
                                                                                                                                                              				_v5 = 0;
                                                                                                                                                              				_v16 = 1;
                                                                                                                                                              				 *_t102 = E01134637(__ecx,  *_t102);
                                                                                                                                                              				_t103 = _a8;
                                                                                                                                                              				_t6 = _t103 + 0x10; // 0x11
                                                                                                                                                              				_t133 = _t6;
                                                                                                                                                              				_push(_t133);
                                                                                                                                                              				_v20 = _t133;
                                                                                                                                                              				_v12 =  *(_t103 + 8) ^  *0x1142008;
                                                                                                                                                              				E0111DA10(_t103, __edx, __edi, _t133,  *(_t103 + 8) ^  *0x1142008);
                                                                                                                                                              				E0111EBCC(_a12);
                                                                                                                                                              				_t77 = _a4;
                                                                                                                                                              				_t141 = _t139 - 0x1c + 0x10;
                                                                                                                                                              				_t123 =  *((intOrPtr*)(_t103 + 0xc));
                                                                                                                                                              				if(( *(_t77 + 4) & 0x00000066) != 0) {
                                                                                                                                                              					__eflags = _t123 - 0xfffffffe;
                                                                                                                                                              					if(_t123 != 0xfffffffe) {
                                                                                                                                                              						_t118 = 0xfffffffe;
                                                                                                                                                              						E0111EDC0(_t103, 0xfffffffe, _t133, 0x1142008);
                                                                                                                                                              						goto L13;
                                                                                                                                                              					}
                                                                                                                                                              					goto L14;
                                                                                                                                                              				} else {
                                                                                                                                                              					_v32 = _t77;
                                                                                                                                                              					_v28 = _a12;
                                                                                                                                                              					 *((intOrPtr*)(_t103 - 4)) =  &_v32;
                                                                                                                                                              					if(_t123 == 0xfffffffe) {
                                                                                                                                                              						L14:
                                                                                                                                                              						return _v16;
                                                                                                                                                              					} else {
                                                                                                                                                              						do {
                                                                                                                                                              							_t107 = _v12;
                                                                                                                                                              							_t84 = _t123 + (_t123 + 2) * 2;
                                                                                                                                                              							_t103 =  *((intOrPtr*)(_t107 + _t84 * 4));
                                                                                                                                                              							_t85 = _t107 + _t84 * 4;
                                                                                                                                                              							_t108 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                              							_v24 = _t85;
                                                                                                                                                              							if( *((intOrPtr*)(_t85 + 4)) == 0) {
                                                                                                                                                              								_t109 = _v5;
                                                                                                                                                              								goto L7;
                                                                                                                                                              							} else {
                                                                                                                                                              								_t118 = _t133;
                                                                                                                                                              								_t86 = E0111ED60(_t108, _t133);
                                                                                                                                                              								_t109 = 1;
                                                                                                                                                              								_v5 = 1;
                                                                                                                                                              								_t149 = _t86;
                                                                                                                                                              								if(_t149 < 0) {
                                                                                                                                                              									_v16 = 0;
                                                                                                                                                              									L13:
                                                                                                                                                              									_push(_t133);
                                                                                                                                                              									E0111DA10(_t103, _t118, _t123, _t133, _v12);
                                                                                                                                                              									goto L14;
                                                                                                                                                              								} else {
                                                                                                                                                              									if(_t149 > 0) {
                                                                                                                                                              										_t87 = _a4;
                                                                                                                                                              										__eflags =  *_t87 - 0xe06d7363;
                                                                                                                                                              										if( *_t87 == 0xe06d7363) {
                                                                                                                                                              											__eflags =  *0x11372b4;
                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                              												_t98 = E01133070(__eflags, 0x11372b4);
                                                                                                                                                              												_t141 = _t141 + 4;
                                                                                                                                                              												__eflags = _t98;
                                                                                                                                                              												if(_t98 != 0) {
                                                                                                                                                              													_t135 =  *0x11372b4; // 0x111d406
                                                                                                                                                              													 *0x11371bc(_a4, 1);
                                                                                                                                                              													 *_t135();
                                                                                                                                                              													_t133 = _v20;
                                                                                                                                                              													_t141 = _t141 + 8;
                                                                                                                                                              												}
                                                                                                                                                              												_t87 = _a4;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										_t119 = _t87;
                                                                                                                                                              										E0111EDA0(_t87, _a8, _t87);
                                                                                                                                                              										_t89 = _a8;
                                                                                                                                                              										__eflags =  *((intOrPtr*)(_t89 + 0xc)) - _t123;
                                                                                                                                                              										if( *((intOrPtr*)(_t89 + 0xc)) != _t123) {
                                                                                                                                                              											_t119 = _t123;
                                                                                                                                                              											E0111EDC0(_t89, _t123, _t133, 0x1142008);
                                                                                                                                                              											_t89 = _a8;
                                                                                                                                                              										}
                                                                                                                                                              										_push(_t133);
                                                                                                                                                              										 *((intOrPtr*)(_t89 + 0xc)) = _t103;
                                                                                                                                                              										E0111DA10(_t103, _t119, _t123, _t133, _v12);
                                                                                                                                                              										E0111ED80();
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										asm("int3");
                                                                                                                                                              										_t113 = _v32;
                                                                                                                                                              										_t91 = _v36 & 0x000000ff;
                                                                                                                                                              										_t125 = _v40;
                                                                                                                                                              										__eflags = _t113;
                                                                                                                                                              										if(_t113 == 0) {
                                                                                                                                                              											L46:
                                                                                                                                                              											return _v40;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t93 = _t91 * 0x1010101;
                                                                                                                                                              											__eflags = _t113 - 0x20;
                                                                                                                                                              											if(_t113 <= 0x20) {
                                                                                                                                                              												L39:
                                                                                                                                                              												__eflags = _t113 & 0x00000003;
                                                                                                                                                              												while((_t113 & 0x00000003) != 0) {
                                                                                                                                                              													 *_t125 = _t93;
                                                                                                                                                              													_t125 = _t125 + 1;
                                                                                                                                                              													_t113 = _t113 - 1;
                                                                                                                                                              													__eflags = _t113 & 0x00000003;
                                                                                                                                                              												}
                                                                                                                                                              												__eflags = _t113 & 0x00000004;
                                                                                                                                                              												if((_t113 & 0x00000004) != 0) {
                                                                                                                                                              													 *_t125 = _t93;
                                                                                                                                                              													_t125 = _t125 + 4;
                                                                                                                                                              													_t113 = _t113 - 4;
										__eflags = _t113;
									}
									__eflags = _t113 & 0xfffffff8;
									while((_t113 & 0xfffffff8) != 0) {
										 *_t125 = _t93;
										 *(_t125 + 4) = _t93;
										_t125 = _t125 + 8;
										_t113 = _t113 - 8;
										__eflags = _t113 & 0xfffffff8;
									}
									goto L46;
								} else {
									__eflags = _t113 - 0x80;
									if(__eflags < 0) {
										L33:
										asm("bt dword [0x114200c], 0x1");
										if(__eflags >= 0) {
											goto L39;
										} else {
											asm("movd xmm0, eax");
											asm("pshufd xmm0, xmm0, 0x0");
											goto L35;
										}
									} else {
										asm("bt dword [0x1142e8c], 0x1");
										if(__eflags >= 0) {
											asm("bt dword [0x114200c], 0x1");
											if(__eflags >= 0) {
												goto L39;
											} else {
												asm("movd xmm0, eax");
												asm("pshufd xmm0, xmm0, 0x0");
												_t114 = _t125 + _t113;
												asm("movups [edi], xmm0");
												_t125 = _t125 + 0x00000010 & 0xfffffff0;
												_t113 = _t114 - _t125;
												__eflags = _t113 - 0x80;
												if(__eflags <= 0) {
													goto L33;
												} else {
													do {
														asm("movdqa [edi], xmm0");
														asm("movdqa [edi+0x10], xmm0");
														asm("movdqa [edi+0x20], xmm0");
														asm("movdqa [edi+0x30], xmm0");
														asm("movdqa [edi+0x40], xmm0");
														asm("movdqa [edi+0x50], xmm0");
														asm("movdqa [edi+0x60], xmm0");
														asm("movdqa [edi+0x70], xmm0");
														_t125 = _t125 + 0x80;
														_t113 = _t113 - 0x80;
														__eflags = _t113 & 0xffffff00;
													} while ((_t113 & 0xffffff00) != 0);
													L35:
													__eflags = _t113 - 0x20;
													if(_t113 < 0x20) {
														L38:
														asm("movdqu [edi], xmm0");
														asm("movdqu [edi+0x10], xmm0");
														return _v40;
													} else {
														do {
															asm("movdqu [edi], xmm0");
															asm("movdqu [edi+0x10], xmm0");
															_t125 = _t125 + 0x20;
															_t113 = _t113 - 0x20;
															__eflags = _t113 - 0x20;
														} while (_t113 >= 0x20);
														__eflags = _t113 & 0x0000001f;
														if((_t113 & 0x0000001f) == 0) {
															goto L46;
														} else {
															goto L38;
														}
													}
												}
											}
										} else {
											memset(_t125, _t93, _t113 << 0);
											return _v40;
										}
									}
								}
							}
						} else {
							goto L7;
						}
					}
				}
				goto L47;
				L7:
				_t123 = _t103;
			} while (_t103 != 0xfffffffe);
			if(_t109 != 0) {
				goto L13;
			}
			goto L14;
		}
	}
	L47:
}
0x0111da50
0x0111da57
0x0111da5b
0x0111da5c
0x0111da62
0x0111da6e
0x0111da70
0x0111da76
0x0111da76
0x0111da7f
0x0111da81
0x0111da84
0x0111da87
0x0111da8f
0x0111da94
0x0111da97
0x0111da9a
0x0111daa1
0x0111dafd
0x0111db00
0x0111db08
0x0111db0f
0x00000000
0x0111db0f
0x00000000
0x0111daa3
0x0111daa3
0x0111daa9
0x0111daaf
0x0111dab5
0x0111db20
0x0111db29
0x0111dab7
0x0111dab7
0x0111dab7
0x0111dabd
0x0111dac0
0x0111dac3
0x0111dac6
0x0111dac9
0x0111dace
0x0111dae4
0x00000000
0x0111dad0
0x0111dad0
0x0111dad2
0x0111dad7
0x0111dad9
0x0111dadc
0x0111dade
0x0111daf4
0x0111db14
0x0111db14
0x0111db18
0x00000000
0x0111dae0
0x0111dae0
0x0111db2a
0x0111db2d
0x0111db33
0x0111db35
0x0111db3c
0x0111db43
0x0111db48
0x0111db4b
0x0111db4d
0x0111db4f
0x0111db5c
0x0111db62
0x0111db64
0x0111db67
0x0111db67
0x0111db6a
0x0111db6a
0x0111db3c
0x0111db70
0x0111db72
0x0111db77
0x0111db7a
0x0111db7d
0x0111db85
0x0111db89
0x0111db8e
0x0111db8e
0x0111db91
0x0111db95
0x0111db98
0x0111dba8
0x0111dbad
0x0111dbae
0x0111dbaf
0x0111dbb0
0x0111dbb4
0x0111dbbb
0x0111dbbf
0x0111dbc1
0x0111dd03
0x0111dd09
0x0111dbc7
0x0111dbc7
0x0111dbcd
                                                                                                                                                              0x0111dbd0
                                                                                                                                                              0x0111dcb5
                                                                                                                                                              0x0111dcb5
                                                                                                                                                              0x0111dcbb
                                                                                                                                                              0x0111dcbd
                                                                                                                                                              0x0111dcbf
                                                                                                                                                              0x0111dcc0
                                                                                                                                                              0x0111dcc3
                                                                                                                                                              0x0111dcc3
                                                                                                                                                              0x0111dccb
                                                                                                                                                              0x0111dcd1
                                                                                                                                                              0x0111dcd3
                                                                                                                                                              0x0111dcd5
                                                                                                                                                              0x0111dcd8
                                                                                                                                                              0x0111dcd8
                                                                                                                                                              0x0111dcd8
                                                                                                                                                              0x0111dcdb
                                                                                                                                                              0x0111dce1
                                                                                                                                                              0x0111dcf0
                                                                                                                                                              0x0111dcf2
                                                                                                                                                              0x0111dcf5
                                                                                                                                                              0x0111dcf8
                                                                                                                                                              0x0111dcfb
                                                                                                                                                              0x0111dcfb
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dbd6
                                                                                                                                                              0x0111dbd6
                                                                                                                                                              0x0111dbdc
                                                                                                                                                              0x0111dc6d
                                                                                                                                                              0x0111dc6d
                                                                                                                                                              0x0111dc75
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dc77
                                                                                                                                                              0x0111dc77
                                                                                                                                                              0x0111dc7b
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dc7b
                                                                                                                                                              0x0111dbe2
                                                                                                                                                              0x0111dbe2
                                                                                                                                                              0x0111dbea
                                                                                                                                                              0x0111dbf5
                                                                                                                                                              0x0111dbfd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dc03
                                                                                                                                                              0x0111dc03
                                                                                                                                                              0x0111dc07
                                                                                                                                                              0x0111dc0c
                                                                                                                                                              0x0111dc0e
                                                                                                                                                              0x0111dc14
                                                                                                                                                              0x0111dc17
                                                                                                                                                              0x0111dc19
                                                                                                                                                              0x0111dc1f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dc30
                                                                                                                                                              0x0111dc30
                                                                                                                                                              0x0111dc30
                                                                                                                                                              0x0111dc34
                                                                                                                                                              0x0111dc39
                                                                                                                                                              0x0111dc3e
                                                                                                                                                              0x0111dc43
                                                                                                                                                              0x0111dc48
                                                                                                                                                              0x0111dc4d
                                                                                                                                                              0x0111dc52
                                                                                                                                                              0x0111dc57
                                                                                                                                                              0x0111dc5d
                                                                                                                                                              0x0111dc63
                                                                                                                                                              0x0111dc63
                                                                                                                                                              0x0111dc80
                                                                                                                                                              0x0111dc80
                                                                                                                                                              0x0111dc83
                                                                                                                                                              0x0111dca1
                                                                                                                                                              0x0111dca5
                                                                                                                                                              0x0111dca9
                                                                                                                                                              0x0111dcb4
                                                                                                                                                              0x0111dc85
                                                                                                                                                              0x0111dc85
                                                                                                                                                              0x0111dc85
                                                                                                                                                              0x0111dc89
                                                                                                                                                              0x0111dc8e
                                                                                                                                                              0x0111dc91
                                                                                                                                                              0x0111dc94
                                                                                                                                                              0x0111dc94
                                                                                                                                                              0x0111dc99
                                                                                                                                                              0x0111dc9f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dc9f
                                                                                                                                                              0x0111dc83
                                                                                                                                                              0x0111dc1f
                                                                                                                                                              0x0111dbec
                                                                                                                                                              0x0111dbec
                                                                                                                                                              0x0111dbf4
                                                                                                                                                              0x0111dbf4
                                                                                                                                                              0x0111dbea
                                                                                                                                                              0x0111dbdc
                                                                                                                                                              0x0111dbd0
                                                                                                                                                              0x0111dae2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dae2
                                                                                                                                                              0x0111dae0
                                                                                                                                                              0x0111dade
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111dae7
                                                                                                                                                              0x0111dae7
                                                                                                                                                              0x0111dae9
                                                                                                                                                              0x0111daf0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111daf2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111daf0
                                                                                                                                                              0x0111dab5
                                                                                                                                                              0x00000000

                                                                                                                                                              APIs
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0111DA87
                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0111DA8F
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0111DB18
                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0111DB43
                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0111DB98
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                              • Opcode ID: b1174402cf514d2ecdd15947ad7c8d42a3bf86e9c770677afbe58860b0cdee01
                                                                                                                                                              • Instruction ID: 11fd951f3628c24f2dcd88f05ec68394ef41896020525bd0ba3c0be853a9fc8f
                                                                                                                                                              • Opcode Fuzzy Hash: b1174402cf514d2ecdd15947ad7c8d42a3bf86e9c770677afbe58860b0cdee01
                                                                                                                                                              • Instruction Fuzzy Hash: 3741F435A002199BCF18DFACE888A9EFFB1BF45318F0480B5E9155B399C731E951CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

C-Code - Quality: 100%
			// Iterates a list of module ids [_a4, _a8) and returns the first module that can be
			// loaded, caching the handle (or a -1 sentinel) per id. This is CRT-style lazy
			// module loading, not sample-specific logic.
			E01128082(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x11430c8 + _t29 * 4);                 // cached module handle table, indexed by module id
					if(_t38 == 0) {
						_t26 =  *(0x1139790 + _t29 * 4);             // module name table (wide strings), same indexing
						// 0x800 = LOAD_LIBRARY_SEARCH_SYSTEM32: resolve the name from System32 only,
						// which defeats DLL search-order hijacking from the application directory
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x11430c8 + _v8 * 4;
							 *_t30 = _t38;
							// Read literally, the guard below would always be true once _t38 is stored,
							// so this is a flattened exchange: the FreeLibrary runs only when the slot
							// already held a handle (another thread cached the module first) and
							// releases the duplicate reference
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {                              // 0x57 = ERROR_INVALID_PARAMETER
							L9:
							// cache -1 (INVALID_HANDLE_VALUE sentinel) so this id is not retried
							 *(0x11430c8 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						// ERROR_INVALID_PARAMETER means the loader predates the search flag (pre-Windows 7);
						// wcsncmp-style prefix check: API-set ("api-ms-") names are never retried without it
						_t22 = E01126B78(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;                               // cdecl caller cleanup of the three arguments
                                                                                                                                                              						if(_t22 == 0) {
                                                                                                                                                              							goto L9;
                                                                                                                                                              						}
                                                                                                                                                              						_t22 = E01126B78(_t26, L"ext-ms-", 7);
                                                                                                                                                              						_t40 = _t40 + 0xc;
                                                                                                                                                              						if(_t22 == 0) {
                                                                                                                                                              							goto L9;
                                                                                                                                                              						}
                                                                                                                                                              						_t22 = LoadLibraryExW(_t26, _t38, _t38);
                                                                                                                                                              						_t38 = _t22;
                                                                                                                                                              						if(_t38 != 0) {
                                                                                                                                                              							goto L14;
                                                                                                                                                              						}
                                                                                                                                                              						goto L9;
                                                                                                                                                              					}
                                                                                                                                                              					if(_t38 != 0xffffffff) {
                                                                                                                                                              						goto L16;
                                                                                                                                                              					}
                                                                                                                                                              					goto L10;
                                                                                                                                                              				}
                                                                                                                                                              				_t20 = 0;
                                                                                                                                                              				goto L13;
                                                                                                                                                              			}

APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,90716B2B,?,0112818F,00000000,00000000,00000000,00000000), ref: 01128143
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: a0c8726caae6ebf2dd54df3b5fca5a9a6c1cb2ea86076d6e02f613e54a937870
• Instruction ID: 85471380a2e33f0602c0296c8007daca2d9dd5a94ba8537be1b664ab82c91c3b
• Opcode Fuzzy Hash: a0c8726caae6ebf2dd54df3b5fca5a9a6c1cb2ea86076d6e02f613e54a937870
• Instruction Fuzzy Hash: 3C21E772A01235AFDB3E9B299C40A5A37E9EB417A0F250120ED21A72C8D770E950CBD0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 85%
			E0111DD70(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x1142020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E0111EF30(_t13, __eflags,  *0x1142020);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E0111EF6B(_t14, __eflags,  *0x1142020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E01126AE8();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E0111EF6B(_t18, __eflags,  *0x1142020, 0);
								} else {
									_t8 = E0111EF6B(_t18, __eflags,  *0x1142020, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0112544B(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}













APIs
• GetLastError.KERNEL32(?,?,0111DD67,0111D5B2,0111CE00), ref: 0111DD7E
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0111DD8C
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0111DDA5
• SetLastError.KERNEL32(00000000,0111DD67,0111D5B2,0111CE00), ref: 0111DDF7
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 94fd4c96aa3f091b490b8811d401e58656ab506c23cbfde15913746755c14372
• Instruction ID: 31f010ba6c5c64367feba6695af63815a8d35e2d25c4168354bf03644ce4294f
• Opcode Fuzzy Hash: 94fd4c96aa3f091b490b8811d401e58656ab506c23cbfde15913746755c14372
• Instruction Fuzzy Hash: FE01D8366097235FAE3F16F87C8866FAA96DB17979320023AF920410DCEF214881C751
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0112AD82(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
	void* _t15;
	void* _t16;
	intOrPtr _t18;
	intOrPtr _t38;
	intOrPtr* _t40;
	intOrPtr _t41;

	_t40 = _a4;
	if(_t40 != 0) {
		if( *_t40 != 0) {
			_t15 = E0112B787(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
			if(_t15 != 0) {
				_t38 = _a8;
				if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
					L10:
					_t16 = E0112AC90(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
					if(_t16 != 0) {
						 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
						_t18 = 0;
					} else {
						E01123842(GetLastError());
						_t18 =  *((intOrPtr*)(E0112389C()));
					}
					L13:
					L14:
					return _t18;
				}
				_t18 = E0112AE44(_t38, _t15);
				if(_t18 != 0) {
					goto L13;
				}
				goto L10;
			}
			E01123842(GetLastError());
			_t18 =  *((intOrPtr*)(E0112389C()));
			goto L14;
		}
		_t41 = _a8;
		if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
			L5:
			 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
			_t18 = 0;
			 *((intOrPtr*)(_t41 + 0x10)) = 0;
			goto L14;
		}
		_t18 = E0112AE44(_t41, 1);
		if(_t18 != 0) {
			goto L14;
		}
		goto L5;
	}
	E0112AE6B(_a8);
	return 0;
}










Strings
• C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe, xrefs: 0112AD9E
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID:
• String ID: C:\Users\user\Pictures\Minor Policy\c7rWZ6AD59zgrdOhi2rzdfQY.exe
• API String ID: 0-2112973764
• Opcode ID: 2d0fd35210a6fb3c9d8c76670e01f18ce680688d84ac614c60b1f76c8b83f547
• Instruction ID: 2c7b83170aec49bdda925cf43432f7366df82934a471833e82d53ddd35dadb88
• Opcode Fuzzy Hash: 2d0fd35210a6fb3c9d8c76670e01f18ce680688d84ac614c60b1f76c8b83f547
• Instruction Fuzzy Hash: CD21D53120423AAFCB2DAF69EC8096F77ADFF442687004929F925DB940E735EC718791
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 100%
E0111EDD7(void* __ecx, signed int* _a4, intOrPtr _a8) {
	// Walks a list of module indices from _a4 up to _a8 and returns the first module that can be
	// loaded. The table at 0x1142f2c caches one handle per index: 0 = not yet tried, -1 = known
	// unavailable, otherwise a loaded HMODULE; 0x1137c78 holds the matching module names.
	// Control flow and constants match the C runtime's lazy module-loading helper (inferred from
	// the code, not stated by the report). The trailing comment on each statement is the
	// instruction address from the report's address column.
	WCHAR* _v8;
	signed int _t11;
	WCHAR* _t12;
	struct HINSTANCE__* _t16;
	struct HINSTANCE__* _t18;
	signed int* _t22;
	signed int* _t26;
	struct HINSTANCE__* _t29;
	WCHAR* _t31;
	void* _t32;

	_t26 = _a4;                                            // 0x0111edde
	while(_t26 != _a8) {                                   // 0x0111ee52
		_t11 =  *_t26;                                     // 0x0111ede3
		_t22 = 0x1142f2c + _t11 * 4;                       // 0x0111ede5  cached handle slot for this index
		_t29 =  *_t22;                                     // 0x0111edec
		if(_t29 == 0) {                                    // 0x0111edf0
			_t12 =  *(0x1137c78 + _t11 * 4);               // 0x0111edf9  module name for this index
			_v8 = _t12;                                    // 0x0111ee08
			// 0x800 = LOAD_LIBRARY_SEARCH_SYSTEM32: only the system directory is searched
			_t29 = LoadLibraryExW(_t12, 0, 0x800);         // 0x0111ee11
			if(_t29 != 0) {                                // 0x0111ee15
				L13:                                       // 0x0111ee5e
				// Store the new handle; if another thread already cached one (likely an interlocked
				// exchange rendered as a plain store), release the extra reference
				 *_t22 = _t29;                             // 0x0111ee60
				if( *_t22 != 0) {                          // 0x0111ee64
					FreeLibrary(_t29);                     // 0x0111ee67
				}                                          // 0x0111ee67
				L15:                                       // 0x0111ee6d
				_t16 = _t29;                               // 0x0111ee6d
				L12:                                       // 0x0111ee59
				return _t16;                               // 0x0111ee5d
			}                                              // 0x0111ee5d
			_t18 = GetLastError();                         // 0x0111ee17
			if(_t18 != 0x57) {                             // 0x0111ee20  0x57 = ERROR_INVALID_PARAMETER (search flag unsupported on older Windows)
				L8:                                        // 0x0111ee4a
				 *_t22 = _t18 | 0xffffffff;                // 0x0111ee4d  mark the module as unavailable (-1)
				L9:                                        // 0x0111ee4f
				_t26 =  &(_t26[1]);                        // 0x0111ee4f
				continue;                                  // 0x00000000
			}                                              // 0x0111ee4f
			_t31 = _v8;                                    // 0x0111ee22
			// Compare the first 7 wide characters against L"api-ms-": API-set names are never
			// retried with an unrestricted search path
			_t18 = E01126B78(_t31, L"api-ms-", 7);         // 0x0111ee2d
			_t32 = _t32 + 0xc;                             // 0x0111ee32
			if(_t18 == 0) {                                // 0x0111ee37
				goto L8;                                   // 0x00000000
			}                                              // 0x00000000
			_t18 = LoadLibraryExW(_t31, 0, 0);             // 0x0111ee3e  retry with the default search order
			_t29 = _t18;                                   // 0x0111ee44
			if(_t29 != 0) {                                // 0x0111ee48
				goto L13;                                  // 0x00000000
			}                                              // 0x00000000
			goto L8;                                       // 0x00000000
		}                                                  // 0x0111ee48
		if(_t29 != 0xffffffff) {                           // 0x0111edf5  cached handle present (not the -1 sentinel)
			goto L15;                                      // 0x00000000
		}                                                  // 0x00000000
		goto L9;                                           // 0x00000000
	}                                                      // 0x0111edf7
	_t16 = 0;                                              // 0x0111ee57
	goto L12;                                              // 0x00000000
}

APIs
• FreeLibrary.KERNEL32(00000000,?,?,?,0111EE98,?,?,01142ED4,00000000,?,0111EFC3,00000004,InitializeCriticalSectionEx,01137D6C,InitializeCriticalSectionEx,00000000), ref: 0111EE67
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-
• API String ID: 3664257935-2084034818
• Opcode ID: b1a5edf1ade38392218b17c72091d33a60595e0fd57fc1b6b375af762f92410d
• Instruction ID: a9e75db31cc02a8afe4038c5ab784a2ed3fbce9b2ceeed9258b286595bcc4905
• Opcode Fuzzy Hash: b1a5edf1ade38392218b17c72091d33a60595e0fd57fc1b6b375af762f92410d
• Instruction Fuzzy Hash: 6D119176A03231ABDF3B5AAC9844B59B7A4AF05B70F150130FD15E72C8E760E9408AD1
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 25%
E01125B87(intOrPtr _a4) {
	// If the CLR runtime (mscoree.dll) is already loaded in the process, resolve CorExitProcess
	// and call it with the exit code _a4 so managed code can shut down before the process exits;
	// GetModuleHandleExW with flags 0 takes a reference that FreeLibrary releases below. The
	// pattern matches the C runtime's exit path (inferred from the code, not stated by the
	// report). The trailing comment on each statement is the instruction address from the
	// report's address column.
	char _v16;
	signed int _v20;
	signed int _t11;
	int _t14;
	void* _t16;
	void* _t20;
	int _t22;
	signed int _t23;

	_t11 =  *0x1142008; // 0x90716b2b                      // 0x01125b9c  /GS stack cookie, XORed with the frame pointer (_t23) below
	 *[fs:0x0] =  &_v16;                                  // 0x01125ba7  push a structured-exception handler frame
	_v20 = _v20 & 0x00000000;                             // 0x01125bad  module handle = 0
	_t14 =  &_v20;                                        // 0x01125bb1
	// Only the first three arguments are real; the rest are stack contents the decompiler misattributed
	__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x1136884, 0xffffffff); // 0x01125bbc
	if(_t14 != 0) {                                       // 0x01125bc4
		_t14 = GetProcAddress(_v20, "CorExitProcess");    // 0x01125bce
		_t22 = _t14;                                      // 0x01125bd4
		if(_t22 != 0) {                                   // 0x01125bd8
			// The decompiler splits the argument push from the indirect call; the call through
			// 0x11371bc is consistent with a Control Flow Guard check of the resolved pointer
			// before CorExitProcess(_a4) is invoked
			 *0x11371bc(_a4);                             // 0x01125bdf
			_t14 =  *_t22();                              // 0x01125be5
		}                                                 // 0x01125be5
	}                                                     // 0x01125bd8
	if(_v20 != 0) {                                       // 0x01125beb
		_t14 = FreeLibrary(_v20);                         // 0x01125bf0
	}                                                     // 0x01125bf0
	 *[fs:0x0] = _v16;                                    // 0x01125bf9  pop the exception handler frame
	return _t14;                                          // 0x01125c03
}

APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,90716B2B,?,?,00000000,01136884,000000FF,?,01125B5A,?,?,01125B2E,00000000), ref: 01125BBC
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01125BCE
• FreeLibrary.KERNEL32(00000000,?,00000000,01136884,000000FF,?,01125B5A,?,?,01125B2E,00000000), ref: 01125BF0
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: b58c7e96b40e04d12c855cfcf501a47608c7b66244c6e447ae4dca87aaf69254
• Instruction ID: 956a8180bd117e0b5856330540b39e21749a613b37b7f4aef688c48cedc5b413
• Opcode Fuzzy Hash: b58c7e96b40e04d12c855cfcf501a47608c7b66244c6e447ae4dca87aaf69254
• Instruction Fuzzy Hash: D701AC72914655AFDB198F54DC45FEE7BFAFB44710F000129F921921C4D7749940CF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
			E0111E451(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E0111DD62(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E0111DD62(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E0111D09B(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E0111CFCE(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E0111E027(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E01126A4A(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
                                                                                                                                                              											_t99 =  *((intOrPtr*)(_t101 + 1));
                                                                                                                                                              											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
                                                                                                                                                              												break;
                                                                                                                                                              											} else {
                                                                                                                                                              												_t101 = _t101 + 2;
                                                                                                                                                              												_t82 = _t82 + 2;
                                                                                                                                                              												if(_t99 != 0) {
                                                                                                                                                              													continue;
                                                                                                                                                              												} else {
                                                                                                                                                              													goto L29;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              										L31:
                                                                                                                                                              										if(_t83 == 0) {
                                                                                                                                                              											goto L33;
                                                                                                                                                              										} else {
                                                                                                                                                              											_t80 = 0;
                                                                                                                                                              										}
                                                                                                                                                              										goto L42;
                                                                                                                                                              									}
                                                                                                                                                              									asm("sbb eax, eax");
                                                                                                                                                              									_t83 = _t82 | 0x00000001;
                                                                                                                                                              									goto L31;
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								goto L41;
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					}
                                                                                                                                                              					L42:
                                                                                                                                                              					return _t80;
                                                                                                                                                              				}
                                                                                                                                                              			}

                                                                                                                                                              APIs
                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0111E476
                                                                                                                                                              • CatchIt.LIBVCRUNTIME ref: 0111E55C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                              • Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CatchEncodePointer
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 1435073870-2084237596
                                                                                                                                                              • Opcode ID: c0ee02df1cfc5408fda73e10724516d247e98bb8cd04698fff9bf09aebc11d43
                                                                                                                                                              • Instruction ID: 534e122059125271a4cd10590cb16bf98536c0a149775fb4dc0880dc5ad99a05
                                                                                                                                                              • Opcode Fuzzy Hash: c0ee02df1cfc5408fda73e10724516d247e98bb8cd04698fff9bf09aebc11d43
                                                                                                                                                              • Instruction Fuzzy Hash: ED415975901209AFDF1ACF98D880EAEBBB5FF08304F188069FE05A7259E3359950DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                              			E01129863(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                              				char _v16;
                                                                                                                                                              				signed int _v20;
                                                                                                                                                              				char _v28;
                                                                                                                                                              				char _v35;
                                                                                                                                                              				signed char _v36;
                                                                                                                                                              				void _v44;
                                                                                                                                                              				long _v48;
                                                                                                                                                              				signed char* _v52;
                                                                                                                                                              				char _v53;
                                                                                                                                                              				long _v60;
                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                              				struct _OVERLAPPED* _v68;
                                                                                                                                                              				signed int _v72;
                                                                                                                                                              				struct _OVERLAPPED* _v76;
                                                                                                                                                              				signed int _v80;
                                                                                                                                                              				signed int _v84;
                                                                                                                                                              				intOrPtr _v88;
                                                                                                                                                              				void _v92;
                                                                                                                                                              				long _v96;
                                                                                                                                                              				signed char* _v100;
                                                                                                                                                              				void* _v104;
                                                                                                                                                              				intOrPtr _v108;
                                                                                                                                                              				char _v112;
                                                                                                                                                              				int _v116;
                                                                                                                                                              				struct _OVERLAPPED* _v120;
                                                                                                                                                              				struct _OVERLAPPED* _v124;
                                                                                                                                                              				struct _OVERLAPPED* _v128;
                                                                                                                                                              				struct _OVERLAPPED* _v132;
                                                                                                                                                              				void* __ebx;
                                                                                                                                                              				void* __edi;
                                                                                                                                                              				void* __esi;
                                                                                                                                                              				signed int _t177;
                                                                                                                                                              				signed int _t178;
                                                                                                                                                              				signed int _t180;
                                                                                                                                                              				int _t186;
                                                                                                                                                              				signed char* _t190;
                                                                                                                                                              				signed char _t195;
                                                                                                                                                              				intOrPtr _t198;
                                                                                                                                                              				void* _t200;
                                                                                                                                                              				signed char* _t201;
                                                                                                                                                              				long _t205;
                                                                                                                                                              				intOrPtr _t210;
                                                                                                                                                              				void _t212;
                                                                                                                                                              				signed char* _t217;
                                                                                                                                                              				void* _t224;
                                                                                                                                                              				char _t227;
                                                                                                                                                              				struct _OVERLAPPED* _t229;
                                                                                                                                                              				void* _t238;
                                                                                                                                                              				signed int _t240;
                                                                                                                                                              				signed char* _t243;
                                                                                                                                                              				long _t246;
                                                                                                                                                              				intOrPtr _t247;
                                                                                                                                                              				signed char* _t248;
                                                                                                                                                              				void* _t258;
                                                                                                                                                              				intOrPtr _t265;
                                                                                                                                                              				void* _t266;
                                                                                                                                                              				struct _OVERLAPPED* _t267;
                                                                                                                                                              				signed int _t268;
                                                                                                                                                              				signed int _t273;
                                                                                                                                                              				intOrPtr* _t279;
                                                                                                                                                              				signed int _t281;
                                                                                                                                                              				signed int _t285;
                                                                                                                                                              				signed char _t286;
                                                                                                                                                              				long _t287;
                                                                                                                                                              				signed int _t291;
                                                                                                                                                              				signed char* _t292;
                                                                                                                                                              				struct _OVERLAPPED* _t296;
                                                                                                                                                              				void* _t299;
                                                                                                                                                              				signed int _t300;
                                                                                                                                                              				signed int _t302;
                                                                                                                                                              				struct _OVERLAPPED* _t303;
                                                                                                                                                              				signed char* _t306;
                                                                                                                                                              				intOrPtr* _t307;
                                                                                                                                                              				void* _t308;
                                                                                                                                                              				signed int _t309;
                                                                                                                                                              				long _t310;
                                                                                                                                                              				signed int _t311;
                                                                                                                                                              				signed int _t312;
                                                                                                                                                              				signed int _t313;
                                                                                                                                                              				void* _t314;
                                                                                                                                                              				void* _t315;
                                                                                                                                                              				void* _t316;
                                                                                                                                                              
                                                                                                                                                              				_push(0xffffffff);
                                                                                                                                                              				_push(0x11368db);
                                                                                                                                                              				_push( *[fs:0x0]);
                                                                                                                                                              				_t315 = _t314 - 0x74;
                                                                                                                                                              				_t177 =  *0x1142008; // 0x90716b2b
                                                                                                                                                              				_t178 = _t177 ^ _t313;
                                                                                                                                                              				_v20 = _t178;
                                                                                                                                                              				_push(_t178);
                                                                                                                                                              				 *[fs:0x0] =  &_v16;
                                                                                                                                                              				_t180 = _a8;
                                                                                                                                                              				_t306 = _a12;
                                                                                                                                                              				_t265 = _a20;
                                                                                                                                                              				_t268 = (_t180 & 0x0000003f) * 0x38;
                                                                                                                                                              				_t291 = _t180 >> 6;
                                                                                                                                                              				_v100 = _t306;
                                                                                                                                                              				_v64 = _t265;
                                                                                                                                                              				_v84 = _t291;
                                                                                                                                                              				_v72 = _t268;
                                                                                                                                                              				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x11431b8 + _t291 * 4)) + _t268 + 0x18));
                                                                                                                                                              				_v88 = _a16 + _t306;
                                                                                                                                                              				_t186 = GetConsoleOutputCP();
                                                                                                                                                              				_t317 =  *((char*)(_t265 + 0x14));
                                                                                                                                                              				_v116 = _t186;
                                                                                                                                                              				if( *((char*)(_t265 + 0x14)) == 0) {
                                                                                                                                                              					E011234B0(_t265, _t291, _t317);
                                                                                                                                                              				}
                                                                                                                                                              				_t307 = _a4;
                                                                                                                                                              				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				asm("stosd");
                                                                                                                                                              				_t190 = _v100;
                                                                                                                                                              				_t292 = _t190;
                                                                                                                                                              				_v52 = _t292;
                                                                                                                                                              				if(_t190 < _v88) {
                                                                                                                                                              					_t300 = _v72;
                                                                                                                                                              					_t267 = 0;
                                                                                                                                                              					_v76 = 0;
                                                                                                                                                              					do {
                                                                                                                                                              						_v53 =  *_t292;
                                                                                                                                                              						_v68 = _t267;
                                                                                                                                                              						_v48 = 1;
                                                                                                                                                              						_t273 =  *(0x11431b8 + _v84 * 4);
                                                                                                                                                              						_v80 = _t273;
                                                                                                                                                              						if(_v108 != 0xfde9) {
                                                                                                                                                              							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
                                                                                                                                                              							__eflags = _t195 & 0x00000004;
                                                                                                                                                              							if((_t195 & 0x00000004) == 0) {
                                                                                                                                                              								_t273 =  *_t292 & 0x000000ff;
                                                                                                                                                              								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
                                                                                                                                                              								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
                                                                                                                                                              								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
                                                                                                                                                              									_push(_v64);
                                                                                                                                                              									_push(1);
                                                                                                                                                              									_push(_t292);
                                                                                                                                                              									goto L29;
                                                                                                                                                              								} else {
                                                                                                                                                              									_t217 =  &(_t292[1]);
                                                                                                                                                              									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x11431b8 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x11431b8 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E01129404(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E01129404(_t273, _t292);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x1142788; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x11431b8 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E0112F884( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x1142788)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x11431b8 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E0111F040( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x11431b8 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E0112F884( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E0112B787(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E0111C2E8(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}
                                                                                                                                                              0x01129868
                                                                                                                                                              0x0112986a
                                                                                                                                                              0x01129875
                                                                                                                                                              0x01129876
                                                                                                                                                              0x01129879
                                                                                                                                                              0x0112987e
                                                                                                                                                              0x01129880
                                                                                                                                                              0x01129886
                                                                                                                                                              0x0112988a
                                                                                                                                                              0x01129890
                                                                                                                                                              0x01129895
                                                                                                                                                              0x0112989b
                                                                                                                                                              0x0112989e
                                                                                                                                                              0x011298a1
                                                                                                                                                              0x011298a4
                                                                                                                                                              0x011298a7
                                                                                                                                                              0x011298aa
                                                                                                                                                              0x011298b4
                                                                                                                                                              0x011298bb
                                                                                                                                                              0x011298c3
                                                                                                                                                              0x011298c6
                                                                                                                                                              0x011298cc
                                                                                                                                                              0x011298d0
                                                                                                                                                              0x011298d3
                                                                                                                                                              0x011298d7
                                                                                                                                                              0x011298d7
                                                                                                                                                              0x011298df
                                                                                                                                                              0x011298e7
                                                                                                                                                              0x011298ec
                                                                                                                                                              0x011298ed
                                                                                                                                                              0x011298ee
                                                                                                                                                              0x011298ef
                                                                                                                                                              0x011298f2
                                                                                                                                                              0x011298f4
                                                                                                                                                              0x011298fa
                                                                                                                                                              0x01129900
                                                                                                                                                              0x01129903
                                                                                                                                                              0x01129905
                                                                                                                                                              0x01129908
                                                                                                                                                              0x01129911
                                                                                                                                                              0x01129917
                                                                                                                                                              0x0112991a
                                                                                                                                                              0x01129921
                                                                                                                                                              0x01129928
                                                                                                                                                              0x0112992b
                                                                                                                                                              0x01129a65
                                                                                                                                                              0x01129a69
                                                                                                                                                              0x01129a6c
                                                                                                                                                              0x01129a8f
                                                                                                                                                              0x01129a95
                                                                                                                                                              0x01129a97
                                                                                                                                                              0x01129a9b
                                                                                                                                                              0x01129acc
                                                                                                                                                              0x01129acf
                                                                                                                                                              0x01129ad1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129a9d
                                                                                                                                                              0x01129a9d
                                                                                                                                                              0x01129aa0
                                                                                                                                                              0x01129aa3
                                                                                                                                                              0x01129aa6
                                                                                                                                                              0x01129bf0
                                                                                                                                                              0x01129bfe
                                                                                                                                                              0x01129c07
                                                                                                                                                              0x01129aac
                                                                                                                                                              0x01129ab6
                                                                                                                                                              0x01129abb
                                                                                                                                                              0x01129abe
                                                                                                                                                              0x01129ac1
                                                                                                                                                              0x01129ac7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129ac7
                                                                                                                                                              0x01129ac1
                                                                                                                                                              0x01129aa6
                                                                                                                                                              0x01129a6e
                                                                                                                                                              0x01129a75
                                                                                                                                                              0x01129a78
                                                                                                                                                              0x01129a7b
                                                                                                                                                              0x01129a7d
                                                                                                                                                              0x01129a80
                                                                                                                                                              0x01129a87
                                                                                                                                                              0x01129a89
                                                                                                                                                              0x01129ad2
                                                                                                                                                              0x01129ad5
                                                                                                                                                              0x01129ad6
                                                                                                                                                              0x01129adb
                                                                                                                                                              0x01129ade
                                                                                                                                                              0x01129ae1
                                                                                                                                                              0x01129ae7
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129ae7
                                                                                                                                                              0x01129ae1
                                                                                                                                                              0x01129931
                                                                                                                                                              0x01129934
                                                                                                                                                              0x01129936
                                                                                                                                                              0x01129938
                                                                                                                                                              0x0112993c
                                                                                                                                                              0x0112993d
                                                                                                                                                              0x01129941
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129941
                                                                                                                                                              0x01129946
                                                                                                                                                              0x01129948
                                                                                                                                                              0x0112994d
                                                                                                                                                              0x01129a0d
                                                                                                                                                              0x01129a14
                                                                                                                                                              0x01129a15
                                                                                                                                                              0x01129a18
                                                                                                                                                              0x01129a1a
                                                                                                                                                              0x01129bca
                                                                                                                                                              0x01129bcc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129bce
                                                                                                                                                              0x01129bce
                                                                                                                                                              0x01129bd1
                                                                                                                                                              0x01129be0
                                                                                                                                                              0x01129be4
                                                                                                                                                              0x01129be5
                                                                                                                                                              0x01129be5
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129be9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129a20
                                                                                                                                                              0x01129a25
                                                                                                                                                              0x01129a28
                                                                                                                                                              0x01129a2b
                                                                                                                                                              0x01129a31
                                                                                                                                                              0x01129a3a
                                                                                                                                                              0x01129a45
                                                                                                                                                              0x01129a4a
                                                                                                                                                              0x01129a4d
                                                                                                                                                              0x01129a50
                                                                                                                                                              0x01129a59
                                                                                                                                                              0x01129a59
                                                                                                                                                              0x01129a5c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01129a5c
                                                                                                                                                              0x01129a50
                                                                                                                                                              0x01129953
                                                                                                                                                              0x01129956
                                                                                                                                                              0x0112995c
                                                                                                                                                              0x0112995e
                                                                                                                                                              0x0112996b
                                                                                                                                                              0x0112996c
                                                                                                                                                              0x0112996f
                                                                                                                                                              0x01129972
                                                                                                                                                              0x01129977
                                                                                                                                                              0x01129b9b
                                                                                                                                                              0x01129b9d
                                                                                                                                                              0x01129b9f
                                                                                                                                                              0x01129ba2
                                                                                                                                                              0x01129ba5
                                                                                                                                                              0x01129bb1
                                                                                                                                                              0x01129bb4
                                                                                                                                                              0x01129bb6
                                                                                                                                                              0x01129bb7
                                                                                                                                                              0x01129bbb
                                                                                                                                                              0x01129bbe
                                                                                                                                                              0x01129bbe
                                                                                                                                                              0x01129bc2
                                                                                                                                                              0x01129bc2
                                                                                                                                                              0x01129bc2
                                                                                                                                                              0x01129bc5
                                                                                                                                                              0x01129bc5
                                                                                                                                                              0x0112997d
                                                                                                                                                              0x0112997d
                                                                                                                                                              [Control-flow graph residue: bare instruction address column (addresses in the range 0x0112994d to 0x01129c2f, listed out of order); the instructions themselves were not captured]

                                                                                                                                                              APIs
                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(90716B2B,?,00000000,?), ref: 011298C6
                                                                                                                                                                • Part of subcall function 0112B787: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,01130D59,?,00000000,-00000008), ref: 0112B833
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 01129B21
                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01129B69
                                                                                                                                                              • GetLastError.KERNEL32 ref: 01129C0C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                              • Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                              • Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                                              • Opcode ID: 8c1e80fed448e00ed72cb7948636c4589f95cf9aa9201d3b8ff7b668a46aa488
                                                                                                                                                              • Instruction ID: 290a308fb5e6741bf2049db0defe5f711121738fc93dee7d0176ec870761d1cd
                                                                                                                                                              • Opcode Fuzzy Hash: 8c1e80fed448e00ed72cb7948636c4589f95cf9aa9201d3b8ff7b668a46aa488
                                                                                                                                                              • Instruction Fuzzy Hash: D7D17BB5E002699FCF19CFACD880AADBBB5FF09318F18412AE565E7341D730A955CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E0111DE50(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                              				signed int* _t52;
                                                                                                                                                              				signed int _t53;
                                                                                                                                                              				intOrPtr _t54;
                                                                                                                                                              				signed int _t58;
                                                                                                                                                              				signed int _t61;
                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                              				signed int _t75;
                                                                                                                                                              				signed int _t79;
                                                                                                                                                              				signed int _t81;
                                                                                                                                                              				signed int _t84;
                                                                                                                                                              				signed int _t85;
                                                                                                                                                              				signed int _t97;
                                                                                                                                                              				signed int* _t98;
                                                                                                                                                              				signed char* _t101;
                                                                                                                                                              				signed int _t107;
                                                                                                                                                              				void* _t111;
                                                                                                                                                              
                                                                                                                                                              				_push(0x10);
                                                                                                                                                              				_push(0x1140b60);
                                                                                                                                                              				E0111CE20(__ebx, __edi, __esi);
                                                                                                                                                              				_t75 = 0;
                                                                                                                                                              				_t52 =  *(_t111 + 0x10);
                                                                                                                                                              				_t81 = _t52[1];
                                                                                                                                                              				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
                                                                                                                                                              					L30:
                                                                                                                                                              					_t53 = 0;
                                                                                                                                                              					__eflags = 0;
                                                                                                                                                              					goto L31;
                                                                                                                                                              				} else {
                                                                                                                                                              					_t97 = _t52[2];
                                                                                                                                                              					if(_t97 != 0 ||  *_t52 < 0) {
                                                                                                                                                              						_t84 =  *_t52;
                                                                                                                                                              						_t107 =  *(_t111 + 0xc);
                                                                                                                                                              						if(_t84 >= 0) {
                                                                                                                                                              							_t107 = _t107 + 0xc + _t97;
                                                                                                                                                              						}
                                                                                                                                                              						 *(_t111 - 4) = _t75;
                                                                                                                                                              						_t101 =  *(_t111 + 0x14);
                                                                                                                                                              						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
                                                                                                                                                              							L10:
                                                                                                                                                              							_t54 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                              							__eflags = _t84 & 0x00000008;
                                                                                                                                                              							if((_t84 & 0x00000008) == 0) {
                                                                                                                                                              								__eflags =  *_t101 & 0x00000001;
                                                                                                                                                              								if(( *_t101 & 0x00000001) == 0) {
                                                                                                                                                              									_t84 =  *(_t54 + 0x18);
                                                                                                                                                              									__eflags = _t101[0x18] - _t75;
                                                                                                                                                              									if(_t101[0x18] != _t75) {
                                                                                                                                                              										__eflags = _t84;
                                                                                                                                                              										if(_t84 == 0) {
                                                                                                                                                              											goto L32;
                                                                                                                                                              										} else {
                                                                                                                                                              											__eflags = _t107;
                                                                                                                                                              											if(_t107 == 0) {
                                                                                                                                                              												goto L32;
                                                                                                                                                              											} else {
                                                                                                                                                              												__eflags =  *_t101 & 0x00000004;
                                                                                                                                                              												_t79 = 0;
                                                                                                                                                              												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
                                                                                                                                                              												__eflags = _t75;
                                                                                                                                                              												 *(_t111 - 0x20) = _t75;
                                                                                                                                                              												goto L29;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									} else {
                                                                                                                                                              										__eflags = _t84;
                                                                                                                                                              										if(_t84 == 0) {
                                                                                                                                                              											goto L32;
                                                                                                                                                              										} else {
                                                                                                                                                              											__eflags = _t107;
                                                                                                                                                              											if(_t107 == 0) {
                                                                                                                                                              												goto L32;
                                                                                                                                                              											} else {
                                                                                                                                                              												E0111F040(_t107, E0111D532(_t84,  &(_t101[8])), _t101[0x14]);
                                                                                                                                                              												goto L29;
                                                                                                                                                              											}
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								} else {
                                                                                                                                                              									__eflags =  *(_t54 + 0x18);
                                                                                                                                                              									if( *(_t54 + 0x18) == 0) {
                                                                                                                                                              										goto L32;
                                                                                                                                                              									} else {
                                                                                                                                                              										__eflags = _t107;
                                                                                                                                                              										if(_t107 == 0) {
                                                                                                                                                              											goto L32;
                                                                                                                                                              										} else {
                                                                                                                                                              											E0111F040(_t107,  *(_t54 + 0x18), _t101[0x14]);
                                                                                                                                                              											__eflags = _t101[0x14] - 4;
                                                                                                                                                              											if(_t101[0x14] == 4) {
                                                                                                                                                              												__eflags =  *_t107;
                                                                                                                                                              												if( *_t107 != 0) {
                                                                                                                                                              													_push( &(_t101[8]));
                                                                                                                                                              													_push( *_t107);
                                                                                                                                                              													goto L21;
                                                                                                                                                              												}
                                                                                                                                                              											}
                                                                                                                                                              											goto L29;
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              								}
                                                                                                                                                              							} else {
                                                                                                                                                              								_t84 =  *(_t54 + 0x18);
                                                                                                                                                              								goto L12;
                                                                                                                                                              							}
                                                                                                                                                              						} else {
                                                                                                                                                              							_t71 =  *0x1142ea8; // 0x0
                                                                                                                                                              							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
                                                                                                                                                              							if(_t71 == 0) {
                                                                                                                                                              								goto L10;
                                                                                                                                                              							} else {
                                                                                                                                                              								 *0x11371bc();
                                                                                                                                                              								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
                                                                                                                                                              								L12:
                                                                                                                                                              								if(_t84 == 0 || _t107 == 0) {
                                                                                                                                                              									L32:
                                                                                                                                                              									E01126A4A(_t75, _t84, _t97, _t101, _t107);
                                                                                                                                                              									asm("int3");
                                                                                                                                                              									_push(8);
                                                                                                                                                              									_push(0x1140b80);
                                                                                                                                                              									E0111CE20(_t75, _t101, _t107);
                                                                                                                                                              									_t98 =  *(_t111 + 0x10);
                                                                                                                                                              									_t85 =  *(_t111 + 0xc);
                                                                                                                                                              									__eflags =  *_t98;
                                                                                                                                                              									if(__eflags >= 0) {
                                                                                                                                                              										_t103 = _t85 + 0xc + _t98[2];
                                                                                                                                                              										__eflags = _t85 + 0xc + _t98[2];
                                                                                                                                                              									} else {
                                                                                                                                                              										_t103 = _t85;
                                                                                                                                                              									}
                                                                                                                                                              									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
                                                                                                                                                              									_t108 =  *(_t111 + 0x14);
                                                                                                                                                              									_push( *(_t111 + 0x14));
                                                                                                                                                              									_push(_t98);
                                                                                                                                                              									_push(_t85);
                                                                                                                                                              									_t77 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                              									_push( *((intOrPtr*)(_t111 + 8)));
                                                                                                                                                              									_t58 = E0111DE50(_t77, _t103, _t108, __eflags) - 1;
                                                                                                                                                              									__eflags = _t58;
                                                                                                                                                              									if(_t58 == 0) {
                                                                                                                                                              										_t61 = E0111EB50(_t103, _t108[0x18], E0111D532( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
                                                                                                                                                              									} else {
                                                                                                                                                              										_t61 = _t58 - 1;
                                                                                                                                                              										__eflags = _t61;
                                                                                                                                                              										if(_t61 == 0) {
                                                                                                                                                              											_t61 = E0111EB60(_t103, _t108[0x18], E0111D532( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
                                                                                                                                                              										}
                                                                                                                                                              									}
                                                                                                                                                              									 *(_t111 - 4) = 0xfffffffe;
                                                                                                                                                              									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
                                                                                                                                                              									return _t61;
                                                                                                                                                              								} else {
                                                                                                                                                              									 *_t107 = _t84;
                                                                                                                                                              									_push( &(_t101[8]));
                                                                                                                                                              									_push(_t84);
                                                                                                                                                              									L21:
                                                                                                                                                              									 *_t107 = E0111D532();
                                                                                                                                                              									L29:
                                                                                                                                                              									 *(_t111 - 4) = 0xfffffffe;
                                                                                                                                                              									_t53 = _t75;
                                                                                                                                                              									L31:
                                                                                                                                                              									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
                                                                                                                                                              									return _t53;
                                                                                                                                                              								}
                                                                                                                                                              							}
                                                                                                                                                              						}
                                                                                                                                                              					} else {
                                                                                                                                                              						goto L30;
                                                                                                                                                              					}
                                                                                                                                                              				}
                                                                                                                                                              			}
                                                                                                                                                              0x0111de50
                                                                                                                                                              0x0111de52
                                                                                                                                                              0x0111de57
                                                                                                                                                              0x0111de5c
                                                                                                                                                              0x0111de5e
                                                                                                                                                              0x0111de61
                                                                                                                                                              0x0111de66
                                                                                                                                                              0x0111df76
                                                                                                                                                              0x0111df76
                                                                                                                                                              0x0111df76
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111de75
                                                                                                                                                              0x0111de75
                                                                                                                                                              0x0111de7a
                                                                                                                                                              0x0111de84
                                                                                                                                                              0x0111de86
                                                                                                                                                              0x0111de8b
                                                                                                                                                              0x0111de90
                                                                                                                                                              0x0111de90
                                                                                                                                                              0x0111de92
                                                                                                                                                              0x0111de95
                                                                                                                                                              0x0111de9a
                                                                                                                                                              0x0111debc
                                                                                                                                                              0x0111debc
                                                                                                                                                              0x0111debf
                                                                                                                                                              0x0111dec2
                                                                                                                                                              0x0111dee0
                                                                                                                                                              0x0111dee3
                                                                                                                                                              0x0111df22
                                                                                                                                                              0x0111df25
                                                                                                                                                              0x0111df28
                                                                                                                                                              0x0111df4d
                                                                                                                                                              0x0111df4f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df51
                                                                                                                                                              0x0111df51
                                                                                                                                                              0x0111df53
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df55
                                                                                                                                                              0x0111df55
                                                                                                                                                              0x0111df5a
                                                                                                                                                              0x0111df5e
                                                                                                                                                              0x0111df5e
                                                                                                                                                              0x0111df5f
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df5f
                                                                                                                                                              0x0111df53
                                                                                                                                                              0x0111df2a
                                                                                                                                                              0x0111df2a
                                                                                                                                                              0x0111df2c
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df2e
                                                                                                                                                              0x0111df2e
                                                                                                                                                              0x0111df30
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df32
                                                                                                                                                              0x0111df43
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111df48
                                                                                                                                                              0x0111df30
                                                                                                                                                              0x0111df2c
                                                                                                                                                              0x0111dee5
                                                                                                                                                              0x0111dee5
                                                                                                                                                              0x0111dee9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111deef
                                                                                                                                                              0x0111deef
                                                                                                                                                              0x0111def1
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0111def7
                                                                                                                                                              0x0111defe
                                                                                                                                                              0x0111df06
                                                                                                                                                              0x0111df0a
                                                                                                                                                              0x0111df0c
                                                                                                                                                              0x0111df0f
                                                                                                                                                              0x0111df14
                                                                                                                                                              0x0111df15
                                                                                                                                                              0x00000000

APIs
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: 362d6fb0ee76717d89a4765a29d681f91f4ebcf8759e78ac4f6a51aada27ae1d
• Instruction ID: e12ba0331e1f0c2c6b9059c9f2b59ec24507b79693c6e686d9c1f88a88ae0441
• Opcode Fuzzy Hash: 362d6fb0ee76717d89a4765a29d681f91f4ebcf8759e78ac4f6a51aada27ae1d
• Instruction Fuzzy Hash: CC510476601613AFEF2D8F98F848BAAFBA5EF10305F14443DE90187198D731EA41C792
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E01131776(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				/* First attempt: write to the cached console output handle stored in the global at 0x11428a0. */
				_t13 = WriteConsoleW( *0x11428a0, _a4, _a8, _a12, 0);
				/* 6 == ERROR_INVALID_HANDLE: the cached handle is stale. Close it (E0113175F -> CloseHandle),
				   reopen CONOUT$ (E01131721 -> ___initconout / CreateFileW) and retry the write once. */
				if(_t13 == 0 && GetLastError() == 6) {
					E0113175F();
					E01131721();
					_t13 = WriteConsoleW( *0x11428a0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}





APIs
• WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,0112FC47,?,00000001,?,?,?,01129C60,?,?,00000000), ref: 0113178D
• GetLastError.KERNEL32(?,0112FC47,?,00000001,?,?,?,01129C60,?,?,00000000,?,?,?,0112A21E,?), ref: 01131799
  • Part of subcall function 0113175F: CloseHandle.KERNEL32(FFFFFFFE,011317A9,?,0112FC47,?,00000001,?,?,?,01129C60,?,?,00000000,?,?), ref: 0113176F
• ___initconout.LIBCMT ref: 011317A9
  • Part of subcall function 01131721: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01131750,0112FC34,?,?,01129C60,?,?,00000000,?), ref: 01131734
• WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,0112FC47,?,00000001,?,?,?,01129C60,?,?,00000000,?), ref: 011317BE
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
• Opcode ID: 433f31008a19a59a5c6f62d11f59e01133f95dc62c580bb9a6ab32a861025272
• Instruction ID: 701f19ea32958b66d75d7a987508aee69a4d91c2b8f54e41d8afebd28493d2b0
• Opcode Fuzzy Hash: 433f31008a19a59a5c6f62d11f59e01133f95dc62c580bb9a6ab32a861025272
• Instruction Fuzzy Hash: 98F0373A000615BBCF372FD5DC04A8D7FA6FB497B0B144420FA2885258C7318960DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 98%
			E011231E0(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t88;
				intOrPtr _t90;
				signed int _t93;
				signed int _t94;
				signed int _t108;
				signed int _t109;
				signed char _t111;
				signed int _t112;
				intOrPtr _t114;
				signed int _t115;
				signed int _t119;
				signed int _t122;
				intOrPtr* _t126;
				signed int _t133;
				signed int _t134;
				intOrPtr* _t140;
				signed int _t143;
				intOrPtr _t145;
				signed char _t148;
				signed int _t149;
				signed int _t150;
				intOrPtr* _t152;
				signed int _t153;
				signed int* _t157;
				signed int _t160;
				intOrPtr* _t161;
				intOrPtr* _t163;
				signed int _t165;
				void* _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				void* _t176;
				void* _t177;

				if(E01122CC8( &_a8) == 0) {
					L5:
					_t152 = _a12;
					if(_t152 != 0) {
                                                                                                                                                              						 *_t152 = _a8;
                                                                                                                                                              					}
                                                                                                                                                              					L60:
                                                                                                                                                              					return 0;
                                                                                                                                                              				}
                                                                                                                                                              				_t173 = _a16;
                                                                                                                                                              				if(_t173 == 0 || _t173 >= 2 && _t173 <= 0x24) {
                                                                                                                                                              					_t88 = _a8;
                                                                                                                                                              					_t172 = 0;
                                                                                                                                                              					_v20 = _v20 & 0x00000000;
                                                                                                                                                              					_v44 = _t88;
                                                                                                                                                              					_t148 =  *_t88;
                                                                                                                                                              					_a8 = _t88 + 1;
                                                                                                                                                              					_t90 = _a4;
                                                                                                                                                              					_v12 = _t148;
                                                                                                                                                              					__eflags =  *((char*)(_t90 + 0x14));
                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                              						E011234B0(_t90, _t165, __eflags);
                                                                                                                                                              						_t90 = _a4;
                                                                                                                                                              					}
                                                                                                                                                              					_t91 = _t90 + 0xc;
                                                                                                                                                              					_v16 = _t90 + 0xc;
                                                                                                                                                              					_t93 = E01122CE3(_t148, _t165, _t172, _t173, _t148 & 0x000000ff, 8, _t91);
                                                                                                                                                              					_t177 = _t176 + 0xc;
                                                                                                                                                              					__eflags = _t93;
                                                                                                                                                              					if(_t93 == 0) {
                                                                                                                                                              						L13:
                                                                                                                                                              						_t94 = _a20 & 0x000000ff;
                                                                                                                                                              						_v8 = _t94;
                                                                                                                                                              						__eflags = _t148 - 0x2d;
                                                                                                                                                              						if(_t148 != 0x2d) {
                                                                                                                                                              							__eflags = _t148 - 0x2b;
                                                                                                                                                              							if(_t148 != 0x2b) {
                                                                                                                                                              								_t153 = _a8;
                                                                                                                                                              								L18:
                                                                                                                                                              								__eflags = _t173;
                                                                                                                                                              								if(_t173 == 0) {
                                                                                                                                                              									L20:
                                                                                                                                                              									__eflags = _t148 - 0x30 - 9;
                                                                                                                                                              									if(_t148 - 0x30 > 9) {
                                                                                                                                                              										__eflags = _t148 - 0x61 - 0x19;
                                                                                                                                                              										if(_t148 - 0x61 > 0x19) {
                                                                                                                                                              											__eflags = _t148 - 0x41 - 0x19;
                                                                                                                                                              											if(_t148 - 0x41 > 0x19) {
                                                                                                                                                              												L35:
                                                                                                                                                              												__eflags = _t173;
                                                                                                                                                              												if(_t173 == 0) {
                                                                                                                                                              													_t173 = 0xa;
                                                                                                                                                              												}
                                                                                                                                                              												L37:
                                                                                                                                                              												_t101 = _t173;
                                                                                                                                                              												asm("cdq");
                                                                                                                                                              												_t154 = _t165;
                                                                                                                                                              												_v28 = _t173;
                                                                                                                                                              												_v24 = _t165;
                                                                                                                                                              												_v36 = E01133300(0xffffffff, 0xffffffff, _t101, _t154);
                                                                                                                                                              												_v32 = _t165;
                                                                                                                                                              												while(1) {
                                                                                                                                                              													__eflags = _t148 - 0x30 - 9;
                                                                                                                                                              													if(_t148 - 0x30 > 9) {
                                                                                                                                                              														__eflags = _t148 - 0x61 - 0x19;
                                                                                                                                                              														if(_t148 - 0x61 > 0x19) {
                                                                                                                                                              															_t108 = _t148 - 0x41;
                                                                                                                                                              															__eflags = _t108 - 0x19;
                                                                                                                                                              															if(_t108 > 0x19) {
                                                                                                                                                              																_t109 = _t108 | 0xffffffff;
                                                                                                                                                              																__eflags = _t109;
                                                                                                                                                              															} else {
                                                                                                                                                              																_t109 = _t148 + 0xffffffc9;
                                                                                                                                                              															}
                                                                                                                                                              														} else {
                                                                                                                                                              															_t109 = _t148 + 0xffffffa9;
                                                                                                                                                              														}
                                                                                                                                                              													} else {
                                                                                                                                                              														_t109 = _t148 + 0xffffffd0;
                                                                                                                                                              													}
                                                                                                                                                              													_v16 = _t109;
                                                                                                                                                              													__eflags = _t109 - _t173;
                                                                                                                                                              													if(_t109 >= _t173) {
                                                                                                                                                              														break;
                                                                                                                                                              													}
                                                                                                                                                              													_t150 = _v20;
                                                                                                                                                              													_v20 = E01133280(_v28, _v24, _t150, _t172);
                                                                                                                                                              													_t160 = _v16 + _v20;
                                                                                                                                                              													_v40 = _t165;
                                                                                                                                                              													asm("adc eax, edx");
                                                                                                                                                              													_v16 = 0;
                                                                                                                                                              													__eflags = _t172 - _v32;
                                                                                                                                                              													if(__eflags < 0) {
                                                                                                                                                              														L50:
                                                                                                                                                              														_t165 = 0;
                                                                                                                                                              														__eflags = 0;
                                                                                                                                                              														L51:
                                                                                                                                                              														__eflags = 0 - _v40;
                                                                                                                                                              														if(__eflags > 0) {
                                                                                                                                                              															L55:
                                                                                                                                                              															_t122 = 0;
                                                                                                                                                              															__eflags = 0;
                                                                                                                                                              															L56:
                                                                                                                                                              															_t172 = _v16;
                                                                                                                                                              															_v20 = _t160;
                                                                                                                                                              															_v8 = _v8 | (_t122 | _t165) << 0x00000002 | 0x00000008;
                                                                                                                                                              															_t126 = _a8;
                                                                                                                                                              															_t148 =  *_t126;
                                                                                                                                                              															_v12 = _t148;
                                                                                                                                                              															_a8 = _t126 + 1;
                                                                                                                                                              															continue;
                                                                                                                                                              														}
                                                                                                                                                              														if(__eflags < 0) {
                                                                                                                                                              															L54:
                                                                                                                                                              															_t122 = 1;
                                                                                                                                                              															goto L56;
                                                                                                                                                              														}
                                                                                                                                                              														__eflags = _t160 - _v20;
                                                                                                                                                              														if(_t160 >= _v20) {
                                                                                                                                                              															goto L55;
                                                                                                                                                              														}
                                                                                                                                                              														goto L54;
                                                                                                                                                              													}
                                                                                                                                                              													if(__eflags > 0) {
                                                                                                                                                              														L49:
                                                                                                                                                              														_t165 = 1;
                                                                                                                                                              														goto L51;
                                                                                                                                                              													}
                                                                                                                                                              													__eflags = _t150 - _v36;
                                                                                                                                                              													if(_t150 <= _v36) {
                                                                                                                                                              														goto L50;
                                                                                                                                                              													}
                                                                                                                                                              													goto L49;
                                                                                                                                                              												}
                                                                                                                                                              												E01122C9F( &_a8, _v12);
                                                                                                                                                              												_t111 = _v8;
                                                                                                                                                              												__eflags = _t111 & 0x00000008;
                                                                                                                                                              												if((_t111 & 0x00000008) != 0) {
                                                                                                                                                              													_t149 = _v20;
                                                                                                                                                              													_t112 = E01122F58(_t111, _t149, _t172);
                                                                                                                                                              													__eflags = _t112;
                                                                                                                                                              													if(_t112 == 0) {
                                                                                                                                                              														__eflags = _v8 & 0x00000002;
                                                                                                                                                              														if((_v8 & 0x00000002) != 0) {
                                                                                                                                                              															_t149 =  ~_t149;
                                                                                                                                                              															asm("adc edi, 0x0");
                                                                                                                                                              															_t172 =  ~_t172;
                                                                                                                                                              														}
                                                                                                                                                              														L73:
                                                                                                                                                              														_t174 = _a12;
                                                                                                                                                              														__eflags = _t174;
                                                                                                                                                              														if(_t174 != 0) {
                                                                                                                                                              															 *_t174 = _a8;
                                                                                                                                                              														}
														return _t149;
													}
													_t114 = _a4;
													 *((char*)(_t114 + 0x1c)) = 1;
													 *((intOrPtr*)(_t114 + 0x18)) = 0x22;
													_t115 = _v8;
													__eflags = _t115 & 0x00000001;
													if((_t115 & 0x00000001) != 0) {
														_t157 = _a12;
														__eflags = _t115 & 0x00000002;
														if((_t115 & 0x00000002) == 0) {
															__eflags = _t157;
															if(_t157 != 0) {
																_t115 = _a8;
																 *_t157 = _t115;
															}
															return _t115 | 0xffffffff;
														}
														__eflags = _t157;
														if(_t157 != 0) {
															 *_t157 = _a8;
														}
														return 0;
													}
													_t149 = _t149 | 0xffffffff;
													_t172 = _t172 | 0xffffffff;
													goto L73;
												}
												_t119 = _a12;
												__eflags = _t119;
												if(_t119 != 0) {
													 *_t119 = _v44;
												}
												goto L60;
											}
											_t133 = _t148 + 0xffffffc9;
											__eflags = _t133;
											L26:
											__eflags = _t133;
											if(_t133 != 0) {
												goto L35;
											}
											_t134 =  *_t153;
											_t161 = _t153 + 1;
											_v16 = _t134;
											_a8 = _t161;
											__eflags = _t134 - 0x78;
											if(_t134 == 0x78) {
												L32:
												__eflags = _t173;
												if(_t173 == 0) {
													_t173 = 0x10;
												}
												_t148 =  *_t161;
												_v12 = _t148;
												_a8 = _t161 + 1;
												goto L37;
											}
											__eflags = _t134 - 0x58;
											if(_t134 == 0x58) {
												goto L32;
											}
											__eflags = _t173;
											if(_t173 == 0) {
												_t173 = 8;
											}
											E01122C9F( &_a8, _v16);
											goto L37;
										}
										_t133 = _t148 + 0xffffffa9;
										goto L26;
									}
									_t133 = _t148 + 0xffffffd0;
									goto L26;
								}
								__eflags = _t173 - 0x10;
								if(_t173 != 0x10) {
									goto L37;
								}
								goto L20;
							}
							L16:
							_t163 = _a8;
							_t148 =  *_t163;
							_t153 = _t163 + 1;
							_v12 = _t148;
							_a8 = _t153;
							goto L18;
						}
						_v8 = _t94 | 0x00000002;
						goto L16;
					}
					_t175 = _v16;
					do {
						_t140 = _a8;
						_t148 =  *_t140;
						_a8 = _t140 + 1;
						_v12 = _t148;
						_t143 = E01122CE3(_t148, _t165, _t172, _t175, _t148 & 0x000000ff, 8, _t175);
						_t177 = _t177 + 0xc;
						__eflags = _t143;
					} while (_t143 != 0);
					_t173 = _a16;
					goto L13;
				} else {
					_t145 = _a4;
					 *((char*)(_t145 + 0x1c)) = 1;
					 *((intOrPtr*)(_t145 + 0x18)) = 0x16;
					E0111F8B1(_t171, _t173, 0, 0, 0, 0, 0, _t145);
					goto L5;
				}
			}
Address column of the decompiled listing above (instruction addresses 0x011231f5 through 0x011233c2, with 0x00000000 for synthesized lines), detached from its code lines by extraction.
                                                                                                                                                              0x011233d0
                                                                                                                                                              0x011233d0
                                                                                                                                                              0x011233d0
                                                                                                                                                              0x011233d2
                                                                                                                                                              0x011233d2
                                                                                                                                                              0x011233d5
                                                                                                                                                              0x011233e3
                                                                                                                                                              0x011233e3
                                                                                                                                                              0x011233e3
                                                                                                                                                              0x011233e5
                                                                                                                                                              0x011233e5
                                                                                                                                                              0x011233f0
                                                                                                                                                              0x011233f3
                                                                                                                                                              0x011233f6
                                                                                                                                                              0x011233f9
                                                                                                                                                              0x011233fc
                                                                                                                                                              0x011233ff
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011233ff
                                                                                                                                                              0x011233d7
                                                                                                                                                              0x011233de
                                                                                                                                                              0x011233e0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011233e0
                                                                                                                                                              0x011233d9
                                                                                                                                                              0x011233dc
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011233dc
                                                                                                                                                              0x011233c4
                                                                                                                                                              0x011233cb
                                                                                                                                                              0x011233cd
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011233cd
                                                                                                                                                              0x011233c6
                                                                                                                                                              0x011233c9
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011233c9
                                                                                                                                                              0x0112340d
                                                                                                                                                              0x01123412
                                                                                                                                                              0x01123415
                                                                                                                                                              0x01123417
                                                                                                                                                              0x0112342b
                                                                                                                                                              0x01123431
                                                                                                                                                              0x01123439
                                                                                                                                                              0x0112343b
                                                                                                                                                              0x01123486
                                                                                                                                                              0x0112348a
                                                                                                                                                              0x0112348c
                                                                                                                                                              0x0112348e
                                                                                                                                                              0x01123491
                                                                                                                                                              0x01123491
                                                                                                                                                              0x01123493
                                                                                                                                                              0x01123493
                                                                                                                                                              0x01123496
                                                                                                                                                              0x01123498
                                                                                                                                                              0x0112349d
                                                                                                                                                              0x0112349d
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011234a1
                                                                                                                                                              0x0112343d
                                                                                                                                                              0x01123440
                                                                                                                                                              0x01123444
                                                                                                                                                              0x0112344b
                                                                                                                                                              0x0112344e
                                                                                                                                                              0x01123450
                                                                                                                                                              0x0112345a
                                                                                                                                                              0x0112345d
                                                                                                                                                              0x0112345f
                                                                                                                                                              0x01123473
                                                                                                                                                              0x01123475
                                                                                                                                                              0x01123477
                                                                                                                                                              0x0112347a
                                                                                                                                                              0x0112347a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0112347f
                                                                                                                                                              0x01123461
                                                                                                                                                              0x01123463
                                                                                                                                                              0x01123468
                                                                                                                                                              0x01123468
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0112346c
                                                                                                                                                              0x01123452
                                                                                                                                                              0x01123455
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123455
                                                                                                                                                              0x01123419
                                                                                                                                                              0x0112341c
                                                                                                                                                              0x0112341e
                                                                                                                                                              0x01123423
                                                                                                                                                              0x01123423
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0112341e
                                                                                                                                                              0x011232ff
                                                                                                                                                              0x011232ff
                                                                                                                                                              0x01123302
                                                                                                                                                              0x01123302
                                                                                                                                                              0x01123304
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123306
                                                                                                                                                              0x01123308
                                                                                                                                                              0x01123309
                                                                                                                                                              0x0112330c
                                                                                                                                                              0x0112330f
                                                                                                                                                              0x01123311
                                                                                                                                                              0x0112332b
                                                                                                                                                              0x0112332b
                                                                                                                                                              0x0112332d
                                                                                                                                                              0x01123331
                                                                                                                                                              0x01123331
                                                                                                                                                              0x01123332
                                                                                                                                                              0x01123337
                                                                                                                                                              0x0112333a
                                                                                                                                                              0x00000000
                                                                                                                                                              0x0112333a
                                                                                                                                                              0x01123313
                                                                                                                                                              0x01123315
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123317
                                                                                                                                                              0x01123319
                                                                                                                                                              0x0112331d
                                                                                                                                                              0x0112331d
                                                                                                                                                              0x01123324
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123324
                                                                                                                                                              0x011232ef
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011232ef
                                                                                                                                                              0x011232df
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011232df
                                                                                                                                                              0x011232cf
                                                                                                                                                              0x011232d2
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011232d2
                                                                                                                                                              0x011232ba
                                                                                                                                                              0x011232ba
                                                                                                                                                              0x011232bd
                                                                                                                                                              0x011232bf
                                                                                                                                                              0x011232c0
                                                                                                                                                              0x011232c3
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011232c3
                                                                                                                                                              0x011232b0
                                                                                                                                                              0x00000000
                                                                                                                                                              0x011232b0
                                                                                                                                                              0x0112327c
                                                                                                                                                              0x0112327f
                                                                                                                                                              0x0112327f
                                                                                                                                                              0x01123285
                                                                                                                                                              0x01123288
                                                                                                                                                              0x0112328f
                                                                                                                                                              0x01123292
                                                                                                                                                              0x01123297
                                                                                                                                                              0x0112329a
                                                                                                                                                              0x0112329a
                                                                                                                                                              0x0112329e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123208
                                                                                                                                                              0x01123208
                                                                                                                                                              0x0112320c
                                                                                                                                                              0x01123210
                                                                                                                                                              0x0112321e
                                                                                                                                                              0x00000000
                                                                                                                                                              0x01123223

APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.718307098.00000000010E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000008.00000002.718247960.00000000010E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.719764691.0000000001137000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720120479.0000000001142000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000008.00000002.720198513.0000000001144000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_10e0000_c7rWZ6AD59zgrdOhi2rzdfQY.jbxd
Similarity
• API ID: __aulldiv
• String ID: +$-
• API String ID: 3732870572-2137968064
• Opcode ID: 78be25a60b15b9e51e0c3bd4d0873cf571e7ffd09fdd8a0cc94ffac32be73d41
                                                                                                                                                              • Instruction ID: c61dc9d142696974a597ad6ad980812482de3d6083bf8965aac802364f05df03
                                                                                                                                                              • Opcode Fuzzy Hash: 78be25a60b15b9e51e0c3bd4d0873cf571e7ffd09fdd8a0cc94ffac32be73d41
                                                                                                                                                              • Instruction Fuzzy Hash: 95A1C430A282699FDF1DCE78C8506EE7BA1BF5A224F048559D8B1DB381D738DA11CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%